Security
Headlines
HeadlinesLatestCVEs

Latest News

Lloyd's of London Launches New Cyber Insurance Consortium

Under the program, HITRUST-certified organizations gain access to exclusive coverage and rates.

DARKReading
#auth
CVE-2024-12382: Chromium: CVE-2024-12382 Use after free in Translate

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

CVE-2024-12381: Chromium: CVE-2024-12381 Type Confusion in V8

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

The Growing Importance of Secure Crypto Payment Gateways

Learn how cryptocurrency’s rapid growth brings risks like fake payment gateways and online scams. Discover tips to stay…

336K Prometheus Instances Exposed to DoS, 'Repojacking'

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

Chinese Cops Caught Using Android Spyware to Track Mobile Devices

Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows.

IoT Cloud Cracked by 'Open Sesame' Over-the-Air Attack

Researchers demonstrate how to hack Ruijie Reyee access points without Wi-Fi credentials or even physical access to the device.

Europol Cracks Down on Holiday DDoS Attacks

In Operation PowerOFF, global authorities aim to deter individuals from engaging in malicious cyber acts.

US Sanctions Chinese Cybersecurity Firm for Firewall Exploit, Ransomware Attacks

SUMMARY The United States has taken strong action against a Chinese cybersecurity company, Sichuan Silence Information Technology, for…

GHSA-j2pq-22jj-4pm5: XWiki allows remote code execution through the extension sheet

### Impact On instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. In order to reproduce on an instance, as a normal user without `script` nor `programming` rights, go to your profile and add an object of type `ExtensionCode.ExtensionClass`. Set the description to `{{async}}{{groovy}}println("Hello from Description"){{/groovy}}{{/async}}` and press `Save and View`. If the description displays as `Hello from Description` without any error, then the instance is vulnerable. ### Patches This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. ### Workarounds Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it. It is also possible to manually apply [this patch](https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8#diff-9b6f9e853f23d76611967737f8c4072ffceaba4c006ca5a5e65b66d988dc084a) to the page `Ex...