Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

WhatsApp lawsuit against NSO Group greenlit by Supreme Court

Categories: News Tags: Pegasus Tags: spyware Tags: Pegasus spyware Tags: NSO Group Tags: NSO Tags: Apple Tags: WhatsApp Tags: Meta Tags: Foreign Sovereign Immunity Act The US Supreme Court essentially gave Meta’s WhatsApp the go ahead to pursue their case against Pegasus’s NSO Group. (Read more...) The post WhatsApp lawsuit against NSO Group greenlit by Supreme Court appeared first on Malwarebytes Labs.

Malwarebytes
#vulnerability#apple#google#microsoft#cisco#git#vmware#asus#zero_day#sap
Cyber Jobs of the Future: Sleuth, Bodyguard, 'Immunity' Developer

With artificial intelligence poised to displace many SOC professionals, it's important to think ahead to potential niches for cybersmart humans — even to outer space.

A Police App Exposed Secret Details About Raids and Suspects

SweepWizard, an app that law enforcement used to coordinate raids, left sensitive information about hundreds of police operations publicly accessible.

CVE-2023-22959: GitHub - chenan224/webchess_sqli_poc

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName).

CVE-2023-22947: Install on Windows - Service Provider 3

** DISPUTED ** Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in the service executable's folder. This occurs because the installation goes under C:\opt (rather than C:\Program Files) by default. NOTE: the vendor disputes the significance of this report, stating that "We consider the ACLs a best effort thing" and "it was a documentation mistake."

Red Hat Security Advisory 2023-0045-01

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

'Copyright Infringement' Lure Used for Facebook Credential Harvesting

Business users receive a message from Facebook warning their accounts will be permanently suspended for using photos illegally if they don't appeal within 24 hours, leading victims to a credential-harvesting page instead.

RHSA-2023:0045: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4283: xorg-x11-server: X.Org Server XkbGetKbdByName use-after-free * CVE-2022-46340: xorg-x11-server: X.Org Server XTestSwapFakeInput stack overflow * CVE-2022-46341: xorg-x11-server: X.Org Server XIPassiveUngrab out-of-bounds access * CVE-2022-46342: xorg-x11-server: X.Org Server XvdiSelectVideoNotify use-after-free * CVE-2022-46343: xorg-x11-server:...

Web 3.0 Shifts Attack Surface and Highlights Need for Continuous Security

A model of continuous authentication and identification is needed to keep consumers safe.