The Hacker News Daily Updates

"Critical security flaw found in Amazon Elastic Container Registry."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 13 December 2022, 2013 UTC. Content supplied by email subscription to "The Hacker News Daily Updates."

Source: https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzGrbbtFlFgZQDpxsgGlLKGPxVbc

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

The Hacker News Daily Updates
Newsletter
cover

The 5 Dimensions of Data Maturity

Webinar

Download NowSponsored
LATEST NEWSDec 13, 2022

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," ...

Read More
TwitterFacebookLinkedIn

Cybersecurity Experts Uncover Inner Workings of Destructive Azov Ransomware

Cybersecurity researchers have published the inner workings of a new wiper called Azov Ransomware that's deliberately designed to corrupt data and "inflict impeccable damage" to compromised systems. Distributed through another malware loader known as SmokeLoader, the malware has been described as an "effective, fast, and unfortunately unrecoverable data wiper," by Israeli cybersecurity ...

Read More
TwitterFacebookLinkedIn

Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular requests library: dequests, fequests, gequests, rdquests, reauests, ...

Read More
TwitterFacebookLinkedIn

Fortinet Warns of Active Exploitation of New SSL-VPN Pre-auth RCE Vulnerability

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests. The ...

Read More
TwitterFacebookLinkedIn

Researchers Demonstrate How EDR and Antivirus Can Be Weaponized Against Users

High-severity security vulnerabilities have been disclosed in different endpoint detection and response (EDR) and antivirus (AV) products that could be exploited to turn them into data wipers. "This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on a system, including system files, and make a computer completely unbootable," SafeBreach ...

Read More
TwitterFacebookLinkedIn

Top 4 SaaS Security Threats for 2023

With 2022 coming to a close, there is no better time to buckle down and prepare to face the security challenges in the year to come. This past year has seen its fair share of breaches, attacks, and leaks, forcing organizations to scramble to protect their SaaS stacks. March alone saw three different breaches from Microsoft, Hubspot, and Okta.  With SaaS sprawl ever growing and becoming ...

Read More
TwitterFacebookLinkedIn

Google Adds Passkey Support to Chrome for Windows, macOS and Android

Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant's Ali Sarraf said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." ...

Read More
TwitterFacebookLinkedIn

Cryptocurrency Mining Campaign Hits Linux Users with Go-based CHAOS Malware

A cryptocurrency mining attack targeting the Linux operating system also involved the use of an open source remote access trojan (RAT) dubbed CHAOS. The threat, which was spotted by Trend Micro in November 2022, remains virtually unchanged in all other aspects, including when it comes to terminating competing malware, security software, and deploying the Monero (XMR) cryptocurrency miner. ...

Read More
TwitterFacebookLinkedIn
cover

The 5 Dimensions of Data Maturity

Webinar

Download NowSponsored

Comments

Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.