Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters

Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters,

Researchers have disclosed an unpatched security vulnerability in « dompdf, » a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations.
« By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it

,

Researchers have disclosed an unpatched security vulnerability in « dompdf, » a PHP-based HTML to PDF converter, that, if successfully exploited, could lead to remote code execution in certain configurations.
« By injecting CSS into the data processed by dompdf, it can be tricked into storing a malicious font with a .php file extension in its font cache, which can later be executed by accessing it

, ,
https://thehackernews.com/2022/03/unpatched-rce-bug-in-dompdf-project.html

German Government Warns Against Using Russia’s Kaspersky Antivirus Software

German Government Warns Against Using Russia’s Kaspersky Antivirus Software

,

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany’s Federal Office of Information Security (BSI) against using the company’s security solutions in the country over « doubts about the reliability of the manufacturer. »
Calling that the decision was made on « political grounds, » the company said it will « continue to assure our partners and customers of the

,

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany’s Federal Office of Information Security (BSI) against using the company’s security solutions in the country over « doubts about the reliability of the manufacturer. »
Calling that the decision was made on « political grounds, » the company said it will « continue to assure our partners and customers of the

, ,
https://thehackernews.com/2022/03/german-government-warns-against-using.html

Build Your 2022 Cybersecurity Plan With This Free PPT Template

Build Your 2022 Cybersecurity Plan With This Free PPT Template,

The end of the year is coming, and it’s time for security decision-makers to make plans for 2022 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced.

The Definitive 2022 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an

,

The end of the year is coming, and it’s time for security decision-makers to make plans for 2022 and get management approval. Typically, this entails making a solid case regarding why current resources, while yielding significant value, need to be reallocated and enhanced.

The Definitive 2022 Security Plan PPT Template is built to simplify this task, providing security decision-makers with an

, ,
https://thehackernews.com/2019/11/cybersecurity-plan-template.html

Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data

Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data,

Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code.
« The vulnerabilities require authentication, but can be triggered by any user with read permissions, » Uriya Yavnieli and Or Peles, researchers

,

Researchers have disclosed seven new security vulnerabilities in an open-source database management system solution called ClickHouse that could be weaponized to crash the servers, leak memory contents, and even lead to the execution of arbitrary code.
« The vulnerabilities require authentication, but can be triggered by any user with read permissions, » Uriya Yavnieli and Or Peles, researchers

, ,
https://thehackernews.com/2022/03/multiple-flaws-uncovered-in-clickhouse.html

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018

Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018,

The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union’s GDPR laws in the region.
« The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily

,

The Irish Data Protection Commission (DPC) on Tuesday slapped Facebook and WhatsApp owner Meta Platforms a fine of €17 million (~$18.6 million) for a series of security lapses that occurred in violation of the European Union’s GDPR laws in the region.
« The DPC found that Meta Platforms failed to have in place appropriate technical and organizational measures which would enable it to readily

, ,
https://thehackernews.com/2022/03/facebook-hit-with-186-million-gdpr-fine.html

Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021

Nearly 34 Ransomware Variants Observed in Hundreds of Cyberattacks in Q4 2021,

As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471.
The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the

,

As many as 722 ransomware attacks were observed during the fourth quarter of 2021, with LockBit 2.0, Conti, PYSA, Hive, and Grief emerging as the most prevalent strains, according to new research published by Intel 471.
The attacks mark an increase of 110 and 129 attacks from the third and second quarters of 2021, respectively. In all, 34 different ransomware variants were detected during the

, ,
https://thehackernews.com/2022/03/nearly-34-ransomware-variants-observed.html

CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks

CaddyWiper: Yet Another Data Wiping Malware Targeting Ukrainian Networks,

Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia’s continuing military invasion of the country.
Slovak cybersecurity company ESET dubbed the third wiper « CaddyWiper, » which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (« 

,

Two weeks after details emerged about a second data wiper strain delivered in attacks against Ukraine, yet another destructive malware has been detected amid Russia’s continuing military invasion of the country.
Slovak cybersecurity company ESET dubbed the third wiper « CaddyWiper, » which it said it first observed on March 14 around 9:38 a.m. UTC. Metadata associated with the executable (« 

, ,
https://thehackernews.com/2022/03/caddywiper-yet-another-data-wiping.html

Massive DDoS Attack Knocked Israeli Government Websites Offline

Massive DDoS Attack Knocked Israeli Government Websites Offline,

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time.
« In the past few hours, a DDoS attack against a communications provider was identified, » the Israel National Cyber Directorate (INCD) said in a tweet. « As a result, access to several websites, among them

,

A number of websites belonging to the Israeli government were felled in a distributed denial-of-service (DDoS) attack on Monday, rendering the portals inaccessible for a short period of time.
« In the past few hours, a DDoS attack against a communications provider was identified, » the Israel National Cyber Directorate (INCD) said in a tweet. « As a result, access to several websites, among them

, ,
https://thehackernews.com/2022/03/massive-ddos-attack-knocked-israeli.html

‘Dirty Pipe’ Linux Flaw Affects a Wide Range of QNAP NAS Devices

‘Dirty Pipe’ Linux Flaw Affects a Wide Range of QNAP NAS Devices

,

Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems.
« A local privilege escalation vulnerability, also known as ‘Dirty Pipe,’ has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x, » the company

,

Network-attached storage (NAS) appliance maker QNAP on Monday warned of a recently disclosed Linux vulnerability affecting its devices that could be abused to elevate privileges and gain control of affected systems.
« A local privilege escalation vulnerability, also known as ‘Dirty Pipe,’ has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x, » the company

, ,
https://thehackernews.com/2022/03/dirty-pipe-linux-flaw-affects-wide.html

Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords

Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords,

French video game company Ubisoft on Friday confirmed it was a victim of a « cyber security incident, » causing temporary disruptions to its games, systems, and services.
The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure.
« Also, we can confirm that all our games and services

,

French video game company Ubisoft on Friday confirmed it was a victim of a « cyber security incident, » causing temporary disruptions to its games, systems, and services.
The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wide password reset as a precautionary measure.
« Also, we can confirm that all our games and services

, ,
https://thehackernews.com/2022/03/gaming-company-ubisoft-confirms-it-was.html