Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects

The Hacker News Daily Updates New Work Norms, New Cyber Security: Defending Your Hybrid Work Environment | Live Virtual Event | Wed, Oct 28, 2021 | 10:00 AM PT | 1:00 PM ET Download Now Sponsored LATEST NEWS Oct 8, 2021 Ransomware Group FIN12 Aggressively Going After Healthcare Targets An "aggressive" financially motivated threat actor has been identified as linked to a string of RYUK ransomware attacks since October 2018, while maintaining close partnerships with TrickBot-affiliated threat actors and using a publicly available arsenal of tools such as Cobalt Strike Beacon ... Read More Researchers Warn of FontOnLake Rootkit Malware Targeting Linux Systems Cybersecurity researchers have detailed a new campaign that likely targets entities in Southeast Asia with a previously unrecognized Linux malware that's engineered to enable remote access to its operators, in addition to amassing credentials and function as a proxy server. The malware family, ... Read More New Patch Released for Actively Exploited 0-Day Apache Path Traversal to RCE Attacks The Apache Software Foundation on Thursday released additional security updates for its HTTP Server product to remediate what it says is an "incomplete fix" for an actively exploited path traversal and remote code execution flaw that it patched earlier this week. CVE-2021-42013, as the new ... Read More Code Execution Bug Affects Yamale Python Package — Used by Over 200 Projects A high-severity code injection vulnerability has been disclosed in 23andMe's Yamale, a schema and validator for YAML, that could be trivially exploited by adversaries to execute arbitrary Python code. The flaw, tracked as CVE-2021-38305 (CVSS score: 7.8), involves manipulating the schema file ... Read More Penetration Testing Your AWS Environment - A CTO's Guide So, you've been thinking about getting a Penetration Test done on your Amazon Web Services (AWS) environment. Great! What should that involve exactly?  There are many options available, and knowing what you need will help you make your often limited security budget go as far as possible. Broadly, ... Read More New Work Norms, New Cyber Security: Defending Your Hybrid Work Environment | Live Virtual Event | Wed, Oct 28, 2021 | 10:00 AM PT | 1:00 PM ET Download Now Sponsored This email was sent to myemailku.ghdbrevo2018@blogger.com. You are receiving this newsletter because you opted-in to receive relevant communications from The Hacker News. To manage your email newsletter preferences, please click here. Contact The Hacker News: info@thehackernews.com Unsubscribe The Hacker News | Pearls Omaxe, Netaji Subash Place, Pitampura, Delhi 110034 India