Tag

Exploits

All articles tagged with #exploits

gaming9 days ago•7 min saved

Embark Studios cracks down on Arc Raiders exploiters after glitches

Embark Studios has completed a review of Arc Raiders exploits, deploying patches and outlining penalties for offenders: warnings for low-severity cases, deletion of coins gained through glitches, and suspensions for severe violations, as it continues investigations into how the exploits occurred and how to prevent them, ahead of the Shrouded Sky content update, and urging players to report findings on the official Discord to help restore balance.

via Eurogamer|

#arc-raiders #embark-studios #exploits

gaming10 days ago•2 min saved

ARC Raiders: Investigation Findings Prompt Targeted Enforcement to Restore Balance

ARC Raiders concluded its investigation into recent exploits, attributing them to a design flaw and outlining a measured enforcement plan based on severity, intent, and impact—including warnings, removal of coins tied to exploits, and suspensions in severe cases. The team has improved detection and safeguards, will continue monitoring, and asks players to report issues via Discord to help maintain fair play.

via ARC Raiders|

#arc-raiders #enforcement-actions #exploits

cybersecurity2 months ago•21 min saved

Apple and Google Release Urgent Security Patches for Zero-Day Vulnerabilities

This weekly cybersecurity recap highlights active exploits and critical vulnerabilities in popular software like Apple, WinRAR, and .NET, along with emerging threats such as OAuth scams, sophisticated phishing campaigns, and state-sponsored cyber espionage, emphasizing the urgent need for timely security updates and vigilance.

via The Hacker News|

#cyber-threats #cybersecurity #exploits

technology4 months ago•1 min saved

Apple Boosts Bug Bounty to $2 Million for Zero-Click Exploit Chains

Apple has increased its bug bounty reward to $2 million for the most dangerous exploits that could be used for spyware, with the potential total reward reaching $5 million including bonuses, as part of its ongoing efforts to improve security and combat the spyware industry.

via WIRED|

#apple #bug-bounty #cybersecurity

security7 months ago•2 min saved

Microsoft Investigates SharePoint Vulnerabilities Exploited in Ransomware Attacks

A China-based hacking group, Storm-2603, is exploiting vulnerabilities in Microsoft SharePoint servers to deploy Warlock ransomware, affecting over 420 servers globally and targeting various U.S. government agencies and organizations, with Microsoft urging immediate security updates.

via BleepingComputer|

#cyberattack #exploits #ransomware

technology7 months ago•2 min saved

Google and Microsoft Warn of Chinese Hackers Exploiting SharePoint Zero-Day

Google and Microsoft have identified Chinese-backed hacking groups exploiting a zero-day vulnerability in Microsoft SharePoint to steal data and plant malware, prompting urgent patching efforts worldwide, with multiple organizations already compromised.

via TechCrunch|

#china-backed-hackers #cybersecurity #exploits

technology1 year ago•1 min saved

Elon Musk Claims Top Spot in Diablo 4, Sparking Skepticism

Elon Musk's recent claim of setting a world record in Diablo IV by clearing a challenging dungeon in under two minutes is under scrutiny. Fans suspect Musk exploited a known bug that drastically increased health points, allowing for excessive damage output. This aligns with Musk's history of exploiting loopholes and obfuscating details, raising doubts about the legitimacy of his gaming achievement.

via Futurism|

#blizzard #diablo-iv #elon-musk

vulnerability-data-protection1 year ago•2 min saved

"Urgent: Patch SolarWinds Serv-U Vulnerability Amid Active Exploits"

A high-severity directory traversal vulnerability in SolarWinds Serv-U file transfer software (CVE-2024-28995) is being actively exploited, allowing attackers to read sensitive files. The flaw affects all versions up to Serv-U 15.4.2 HF 1 and has been patched in version 15.4.2 HF 2. Users are urged to update immediately to mitigate potential threats, as public proof-of-concept exploits make it easy for attackers to leverage this vulnerability.

via The Hacker News|

#cve-2024-28995 #cybersecurity #exploits

cybersecurity1 year ago•2 min saved

CISA Warns of Active Exploits in Apache Flink and NextGen Healthcare Flaws

A three-year-old improper access control bug in Apache Flink, CVE-2020-17519, is being actively exploited, prompting the US government to add it to the Known Exploited Vulnerabilities Catalog. Federal agencies must patch or stop using the software by June 13, and all users should ensure they are updated and check for potential compromises. The flaw allows attackers to read any file on the JobManager's local filesystem via the REST interface, and its exploitation underscores the critical need for timely software updates.

via The Register|

#apache-flink #cve-2020-17519 #cybersecurity

cybersecurity2 years ago•4 min saved

"Raspberry Robin Malware Expands Arsenal with Windows Exploits and Discord Spread"

The Raspberry Robin malware has evolved to include one-day exploits targeting vulnerabilities in Windows systems, indicating that the malware operator has access to exploit code or sources. The malware has also implemented new evasion techniques and distribution methods, including the use of Discord to drop malicious files onto targets. Check Point reports an increase in Raspberry Robin's operations, with large attack waves targeting systems worldwide. The malware now leverages exploits for CVE-2023-36802 and CVE-2023-29360 to elevate privileges on infected devices, and it has added new evasion mechanisms to evade security tools and OS defenses. The malware's operators are likely connected to a developer that provides exploit code, and Check Point provides indicators of compromise for identifying Raspberry Robin.

via BleepingComputer|

#check-point #cybersecurity #exploits

cybersecurity2 years ago•2 min saved

"Urgent Patch Released for Critical Jenkins RCE Vulnerability"

Multiple proof-of-concept exploits have been released for a critical Jenkins vulnerability, allowing unauthenticated attackers to read arbitrary files and execute arbitrary CLI commands. SonarSource researchers discovered two flaws, one enabling data access and the other allowing arbitrary command execution. Jenkins has released fixes for the flaws, but researchers have already reproduced attack scenarios and created working PoC exploits, with reports of hackers actively exploiting the vulnerabilities in the wild.

via BleepingComputer|

#cybersecurity #exploits #jenkins

cybersecurity2 years ago•2 min saved

"Massive Exploitation of Critical Atlassian Confluence RCE Vulnerability"

More than 600 IP addresses are launching thousands of exploit attempts against a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server, which can allow unauthenticated remote code execution (RCE) attacks. Despite Atlassian urging customers to update immediately, over 11,000 instances remain exposed on the internet, with more than 39,000 RCE attempts seen since January 19. Organizations with vulnerable instances are advised to assume a breach, patch, and take precautions, as this follows a string of critical flaws that have plagued the company in recent months.

via The Register|

#atlassian #cve-2023-22527 #cybersecurity

cybersecurity2 years ago•20 min saved

"Decoding Outlook Attack Vectors: Unveiling the Obvious, the Normal, and the Advanced"

Check Point Research conducted a comprehensive analysis of attack vectors on Microsoft Outlook, categorizing them into three groups: the "obvious" hyperlink attack vector, the "normal" attachment attack vector, and the "advanced" attack vector involving email reading and special objects. The research highlights the potential security risks introduced by each vector and provides recommendations for users and application developers to enhance security. The analysis emphasizes the importance of maintaining strong security measures and user vigilance when using Outlook to mitigate cyber threats.

via Check Point Research|

#attack-vectors #cybersecurity #email

cybersecurity2 years ago•1 min saved

Ransomware Hackers Exploit Critical Atlassian Confluence Vulnerability

Multiple ransomware groups are actively exploiting recently disclosed vulnerabilities in Atlassian Confluence and Apache ActiveMQ. The flaws allow threat actors to create unauthorized accounts and lead to a loss of confidentiality, integrity, and availability. Atlassian has updated its advisory, noting active exploits and increasing the severity of the flaw. The attacks involve mass exploitation of vulnerable Atlassian Confluence servers, originating from IP addresses in France, Hong Kong, and Russia. Additionally, a severe remote code execution flaw in Apache ActiveMQ is being weaponized to deliver a remote access trojan and a ransomware variant. Cybersecurity firms emphasize the need for rapid remediation of these vulnerabilities.

via The Hacker News|

#apache #atlassian #cybersecurity

gaming2 years ago•4 min saved

Exciting Developments in PS5 Hacking Scene: FPKG Support, Firmware Updates, and GoldHEN Progress

Rumors are circulating about potential developments in the PS5 hacking scene by Christmas. Zecoxao, a well-known figure in the hacking community, has made several predictions, including the release of Sistr0's GoldHEN and cheat support, Sleirsgoevy's investigation into PS5 FPKG support (which has since been debunked), TheFloW's disclosure of a userland and kernel exploit, and a special surprise for the PSP, PS2, and possibly the PS5. While some of these predictions have already been confirmed or are highly likely, the exact timing and release of these developments remain uncertain.

via Wololo.net|

#exploits #gaming #hacking-scene