Oracle warned its corporate customers that there is a critical-rated vulnerability in its PeopleSoft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as part of a mass-hacking campaign.
The company published the security advisory on Thursday after the hacking group ShinyHunters claimed to have breached more than 100 organizations that use PeopleSoft servers.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CVE-2023-23397 – Microsoft Outlook Privilege Escalation
March 31, 2023
On March 14, 2023, Microsoft released a patch for CVE-2023-23397. CVE-2023-23397 is a vulnerability in the Windows Microsoft Outlook client that can be exploited by sending a specially crafted email that triggers automatically when it is processed by the Outlook client. No user interaction is required to trigger the exploit. Exploitation of the vulnerability will leak ...
- CISA Adds Ten Known Exploited Vulnerabilities to Catalog
March 30, 2023
CISA has added ten new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2013-3163 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2014-1776 Microsoft Internet Explorer Memory Corruption Vulnerability CVE-2017-7494 Samba Remote Code Execution Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- WiFi protocol flaw allows attackers to hijack network traffic
March 28, 2023
Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. WiFi frames are data containers consisting of a header, data payload, and trailer, which include information such as the source and destination MAC address, control, ...
- Copy-paste heist or clipboard-injector attacks on cryptousers
March 28, 2023
It is often the case that something new is just a reincarnation of something old. Kaspersky reasearchers have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. Although they have written about a similar malware attack in 2017 in one of our blogposts, the technique is still ...
- Gone in 120 seconds: Tesla Model 3 child’s play for hackers
March 27, 2023
A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile’s entertainment system, and from there opening up the car’s core management systems. The prize was awarded at the annual Pwn2Own competition in Vancouver and it wasn’t Synacktiv’s only win. The team walked away from the ...
- CISA Releases Six Industrial Control Systems Advisories
March 23, 2023
CISA released six Industrial Control Systems (ICS) advisories on March 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-082-01 RoboDK ICSA-23-082-02 CP-Plus KVMS Pro ICSA-23-082-03 SAUTER EY-modulo 5 Building Automation Stations Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases Eight Industrial Control Systems Advisories