Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

CVE-2023-31572: CVE-nu11secur1ty/vendors/bludit/2023/Bludit-v4.0.0-Release-candidate-2 at main · nu11secur1ty/CVE-nu11secur1ty

An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.

CVE
Open in Source
#web#windows#apple#js#php#auth#chrome#webkit
Hackers Using Golang Variant of Cobalt Strike to Target Apple macOS Systems

A Golang implementation of Cobalt Strike called Geacon is likely to garner the attention of threat actors looking to target Apple macOS systems. The findings come from SentinelOne, which observed an uptick in the number of Geacon payloads appearing on VirusTotal in recent months. "While some of these are likely red-team operations, others bear the characteristics of genuine malicious attacks,"

TinyWebGallery 2.5 Cross Site Scripting

TinyWebGallery version 2.5 suffers from a persistent cross site scripting vulnerability.

Siemens SIMATIC S7-1200 Cross Site Request Forgery

Siemens SIMATIC S7-1200 CPU start/stop command cross site request forgery exploit. This older issue elaborates on t4rkd3vilz's CVE-2015-5698 by issuing a POST command to a specified web server path.

An Analyst View of XM Cyber’s Acquisition of Confluera

The deal will enhance the capabilities of both companies and provide customers with a more comprehensive way to protect their digital assets.

Microsoft Authenticator to Enforce Number Matching

As a way to enhance MFA security, Microsoft will require users to authorize login attempts by entering a numeric code into the Microsoft Authenticator app.

CVE-2023-2659: CVEproject/Online-Computer-and-Laptop-Store---Multiple-vulnerabilities.md at main · xiahao90/CVEproject

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability.

CVE-2023-2661: CVEproject/Online-Computer-and-Laptop-Store---Multiple-vulnerabilities.md at main · xiahao90/CVEproject

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803.

Google adds unwanted tracker detection to Find My Device network

Categories: News Categories: Personal Categories: Privacy Google used its annual I/O conference keynote to announce anti-stalking updates. (Read more...) The post Google adds unwanted tracker detection to Find My Device network appeared first on Malwarebytes Labs.

Twitter’s Encrypted DMs Are Deeply Inferior to Signal and WhatsApp

The social network's new privacy feature is technically flawed, opt-in, and limited in its functionality. All this for just $8 a month.