Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

State of Malware 2024: What consumers need to know

The State of Malware 2024 report covers some topics that are of special interest to home users: privacy, passwords, malvertising, banking Trojans, and Mac malware.

Malwarebytes
Open in Source
#web#ios#android#mac#windows#apple#google#microsoft#git#backdoor#auth#chrome
2054, Part II: Next Big Thing

“If molecules really were the new microchips, the promise of remote gene editing was that the body could be manipulated to upgrade itself.” An exclusive excerpt from 2054: A Novel.

Patch management needs a revolution, part 5: How open source and transparency can force positive change

This is the fifth and final part of Vincent Danen’s “Patch management needs a revolution” series.Patch management needs a revolution, part 1: Surveying cybersecurity’s lineagePatch management needs a revolution, part 2: The flood of vulnerabilitiesPatch management needs a revolution, part 3: Vulnerability scores and the concept of trustPatch management needs a revolution, part 4: Sane patching is safe patching is selective patchingThere is an intersection between “compliance” and “security” but it’s wise to realize that compliance does not equal security. Compliance, when don

SISQUAL WFM 7.1.319.103 Host Header Injection

SISQUAL WFM version 7.1.319.103 suffers from a host header injection vulnerability.

Apple Security Advisory 02-02-2024-1

Apple Security Advisory 02-02-2024-1 - visionOS 1.0.2 addresses a code execution vulnerability.

GYM MS 1.0 Cross Site Scripting

Gym Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Original credit for this finding goes to Jyotsna Adhana in October of 2020 but uses a different vector of attack for this software version.

WhatsUp Gold 2022 22.1.0 Build 39 Cross Site Scripting

WhatsUp Gold 2022 version 22.1.0 Build 39 suffers from a persistent cross site scripting vulnerability.

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware

The threat actor known as Patchwork likely used romance scam lures to trap victims in Pakistan and India, and infect their Android devices with a remote access trojan called VajraSpy. Slovak cybersecurity firm ESET said it uncovered 12 espionage apps, six of which were available for download from the official Google Play Store and were collectively downloaded more than 1,400 times between

Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan

The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirmed as targeted, out of whom six had their devices compromised with the mercenary

Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling

Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable.