GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5. “On GitHub Enterprise Server instances […]
Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing its way into PostgreSQL database instances. “Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said in a technical report. “
What happens when Glasgow’s greatest meets the burgeoning Latvian sound system scene? We’ll tell you… The post Laba Daba Festival report – Mungo’s Hi Fi meets the Latvians uptown first appeared on Juno Daily.
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information. Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack. “An authenticated attacker can bypass Server-Side Request
A new remote access trojan called MoonPeak has been discovered in use by a state-sponsored North Korean threat activity cluster as part of a new campaign. Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlap with a known nation-state […]
Canonical has released security fixes for multiple OpenJDK 8 vulnerabilities that could result in denial of service, information disclosure, or arbitrary code execution on certain Ubuntu releases.
This method was first disclosed by CSIRT KNF in Poland in July 2023 and later observed in Czechia by ESET analysts. Similar campaigns were also observed targeting banks in Hungary and Georgia.
The vulnerability, identified as CVE-2024-5932, arises from inadequate validation of user-provided serialized data, allowing attackers to inject harmful PHP objects through the give_title parameter.
Iran-linked TA453 targeted a religious figure with a fake podcast interview invitation, attempting to deliver the BlackSmith malware toolkit. The initial lure involved an email leading to a malicious link containing the AnvilEcho PowerShell trojan.