Security
Headlines
HeadlinesLatestCVEs

Latest News

Backdoor.Win32.Benju.a MVID-2024-0700 Remote Command Execution

Backdoor.Win32.Benju.a malware suffers from a remote command execution vulnerability. This is the 700th release of a malvuln finding.

Packet Storm
#vulnerability#web#windows#redis#backdoor#auth#telnet
Backdoor.Win32.Amatu.a MVID-2024-0698 Arbitrary File Write

Backdoor.Win32.Amatu.a malware suffers from a remote arbitrary file write vulnerability.

Backdoor.Win32.Boiling MVID-2024-0696 Code Execution

Backdoor.Win32.Boiling malware suffers from a code execution vulnerability.

GHSA-9h9q-qhxg-89xr: Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting

### Summary If values passed to a `ColorColumn` or `ColumnEntry` are not valid and contain a specific set of characters, applications are vulnerable to Cross-site Scripting (XSS) attack against a user who opens a page on which a color column or entry is rendered. Versions of Filament from v3.0.0 through v3.2.114 are affected. Please upgrade to Filament [v3.2.115](https://github.com/filamentphp/filament/releases/tag/v3.2.115). ### PoC > *PoC will be published in a few weeks, once developers have had a chance to upgrade their apps.* ### Response This vulnerability (in `ColorColumn` only) was reported by @sv-LayZ, who reported the issue and patched the issue during the evening of 25/09/2024. Thank you Mattis. The review process concluded on 27/09/2024, which revealed the issue was also present in `ColorEntry`. This was fixed the same day and Filament [v3.2.115](https://github.com/filamentphp/filament/releases/tag/v3.2.115) followed. > *An explanation of the fix will be published ...

Millions of Kia Vehicles Open to Remote Hacks via License Plate

The vulnerability is the latest discovered in connected vehicles in recent years, and it points out the cyber dangers lurking in automotive APIs.

How Should CISOs Navigate the SEC Cybersecurity and Disclosure Rules?

Companies that commit to risk management have a strong cybersecurity foundation that makes it easier to comply with the SEC's rules. Here is what you need to know about 8K and 10K filings.

Novel Exploit Chain Enables Windows UAC Bypass

Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it's not really a vulnerability.

Top Allies Executives & Boards Should Leverage During a Cyber Crisis

It is imperative for executives and board members to know who their top allies are, and how to best leverage them to successfully navigate a crisis and minimize the harm caused by a breach.