CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
cert.pl
Vulnerability in lua-http library
CVE ID CVE-2023-4540 Publication date 05 September 2023 Vendor Daurnimator Product lua-http Vulnerable versions All including 0.4 before ddab283 commit Vulnerability type (CWE) Improper Handling of Ex ...
-
huntress.com
How Businesses Should Be Scaling Their Security
Small and medium businesses are changing their security stance for the better. There are still some stragglers, but they tend to be brought forward by insurance companies requiring at least a shred of ...
-
0patch.com
Micropatches Released For Denial of Service in Microsoft Message Queuing (CVE-2023-28302, CVE-2023-21769)
April 2023 Windows Updates brought fixes for a number of vulnerabilities in Microsoft Message Queuing Service. We first issued patches for the "Queuejumper" remote code execution vulnerability (CVE-20 ...
-
huntress.com
Move It on Over: Reflecting on the MOVEit Exploitation | Huntress
In late May 2023, customers running the popular MOVEit file transfer software faced multiple, unexplained intrusions. As previously documented by Huntress, MOVEit customers found themselves the victim ...
-
0patch.com
Micropatches Released For DHCP Server Service Remote Code Execution (CVE-2023-28231)
April 2023 Windows Updates brought a fix for CVE-2023-28231, a remote code execution vulnerability in DHCP Server service. The vulnerability was reported to Microsoft by security researcher YanZiShuan ...
-
curatedintel.org
CL0P likes to MOVEit MOVEit
CL0P likes to MOVEit MOVEit BackgroundFor the last couple of years, the threat actors associated with the CL0P ransomware group have occasionally ditched encryption in favour of exploiting file transf ...
-
huntress.com
Calm In The Storm: Reviewing Volt Typhoon
Network owners, operators and defenders find themselves in an increasingly contentious and hostile space, with entities ranging from opportunistic criminal elements to state-directed organizations eng ...
-
huntress.com
Critical Vulnerabilities in PaperCut Print Management Software | Huntress
Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass.UPDATE #1 - 4/25/ ...
-
shostack.org
Reflecting on Threats: The Frame
Shostack + Associates > Blog > Reflecting on Threats: The Frame Shostack + Friends Blog Now that the Threats book is out and the first reviews are in (thank you!), I want to talk more about the frame ...
-
shostack.org
Application Security Roundup - March
Shostack + Associates > Blog > Application Security Roundup - March Shostack + Friends Blog The March appsec roundup includes few tools, some thoughts on injection, some standards, and some of my own ...