Warning: New Apache Superset vulnerability opens servers to RCE attacks!

The Hacker News Daily Updates [Newsletter]( [cover]( [Audience Hijacking in 2023: What It Is and How to Combat It]( In this survey report, you’ll discover what your industry peers are doing to combat audience hijacking and affiliate fraud. [Download Now]( Sponsored LATEST NEWS Apr 26, 2023 [Browser Security Survey: 87% of SaaS Adopters Exposed to Browser-borne Attacks]( The browser serves as the primary interface between the on-premises environment, the cloud, and the web in the modern enterprise. Therefore, the browser is also exposed to multiple types of cyber threats and operational risks. In light of this significant challenge, how are CISOs responding? LayerX, Browser Security platform provider, has polled more than 150 CISOs across multiple verticals ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks]( The maintainers of the Apache Superset open source data visualization software have released fixes to plug an insecure default configuration that could lead to remote code execution. The vulnerability, tracked as CVE-2023-27524 (CVSS score: 8.9), impacts versions up to and including 2.0.1 and relates to the use of a default SECRET_KEY that could be abused by attackers to authenticate and ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Still managing compliance on spreadsheets? Time for compliance automation.]( Know your risk and compliance posture at all times. Automate your compliance journey here. [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [VMware Releases Critical Patches for Workstation and Fusion Software]( VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks]( Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2,200 times, potentially making ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor]( An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Modernizing Vulnerability Management: The Move Toward Exposure Management]( Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware]( A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week. The Apple device management company attributed ... [Read More]( [Twitter]( [Facebook]( [LinkedIn]( [cover]( [Audience Hijacking in 2023: What It Is and How to Combat It]( In this survey report, you’ll discover what your industry peers are doing to combat audience hijacking and affiliate fraud. [Download Now]( Sponsored This email was sent to {EMAIL}. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please [click here](. Contact The Hacker News: info@thehackernews.com [Unsubscribe]( The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India