Cyber Newsroom Feed
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
shostack.org
Reflecting on Threats: The Frame
Shostack + Associates > Blog > Reflecting on Threats: The Frame Shostack + Friends Blog Now that the Threats book is out and the first reviews are in (thank you!), I want to talk more about the frame ... Read more
-
shostack.org
Application Security Roundup - March
Shostack + Associates > Blog > Application Security Roundup - March Shostack + Friends Blog The March appsec roundup includes few tools, some thoughts on injection, some standards, and some of my own ... Read more
-
huntress.com
Everything We Know About CVE-2023-23397 | Huntress
Huntress has been tracking CVE-2023-23397, a critical vulnerability/0-day that impacts Microsoft Outlook. Unlike other exploits we’ve seen in the past, this exploit is particularly dangerous because n ... Read more
-
huntress.com
Veeam Backup & Replication CVE-2023-27532 Response | Huntress
UPDATE 03/13/2023 2252 ET: After taking further inventory of our partner's Veeam service binary details to review the version number, we uncovered many more unpatched and vulnerable hosts. We are send ... Read more
-
huntress.com
Investigating Intrusions From Intriguing Exploits
SummaryOn 02 February 2023, an alert triggered in a Huntress-protected environment. At first glance, the alert itself was fairly generic - a combination of certutil using the urlcache flag to retrieve ... Read more
-
huntress.com
OWASSRF Explained: Analyzing the Microsoft Exchange RCE Vulnerability | Huntress
We simply couldn’t end the year 2022 on a calm note—hackers made sure of that with their latest Microsoft Exchange exploit. On December 22, Huntress observed a significant increase in malicious PowerS ... Read more
-
huntress.com
Overblown Claims of Vulnerabilities, Exploits, & Severity | Huntress
Over the past few weeks, the Huntress team has been tracking the recent conversations surrounding supposed ConnectWise Control vulnerabilities and alleged in-the-wild exploitation. We have been in con ... Read more
-
360 Netlab Blog - Network Security Research Lab at 360
快讯:使用21个漏洞传播的DDoS家族WSzero已经发展到第4个版本
概述 近期,我们的BotMon系统连续捕获到一个由Go编写的DDoS类型的僵尸网络家族,它用于DDoS攻击,使用了包括SSH/Telnet弱口令在内的多达22种传播方式。短时间内出现了4个不同的版本,有鉴于此,我们觉得该家族未来很可能继续活跃,值得警惕。下面从传播、样本和跟踪角度分别介绍。 传播分析 除了Telnet/SSH弱口令,我们观察到wszero还使用了如下21个漏洞进行传播: VULNE ... Read more
-
malwaretech.com
Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)
Discussion thread: https://updatedsecurity.com/topic/9-openssl-vulnerability-cve-2022-3602-cve-2022-3786/ Vulnerability Details From https://www.openssl.org/news/secadv/20221101.txt X.509 Email Addres ... Read more
-
huntress.com
ConnectWise/R1Soft Server Backup Manager Remote Code Execution & Supply Chain Risks | Huntress
UPDATE 2/27/23: As recently spotted by Fox-IT and subsequently reported in SecurityWeek, a critical vulnerability discovered last year in ConnectWise’s R1Soft Server Backup Manager software has now be ... Read more