Skip to content
information security Page 13

information security

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

Oct 17, 2024Ravie LakshmananVulnerability / Kubernetes A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked… 

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

Oct 16, 2024Ravie LakshmananEndpoint Security / Malware Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity. Trend Micro… 

FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms

Oct 16, 2024Ravie LakshmananData Privacy / Passwordless The FIDO Alliance said it’s working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12… 

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack

Oct 16, 2024Ravie LakshmananCyber Attack / Banking Trojan A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security… 

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access

Oct 16, 2024Ravie LakshmananEnterprise Security / Vulnerability GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance. The vulnerability, tracked… 

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability

Oct 16, 2024Ravie LakshmananVulnerability / Data Protection The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV)…