Tag

#auth

PartnerLeak scam site promises victims full access to “cheating” partner’s stolen data

We dug into PartnerLeak, the site behind the "your partner is cheating on you" emails, including how and where the scammers get their information.

Malwarebytes
Nipah Virus Testing Management System 1.0 PHP Code Injection

Nipah Virus Testing Management System version 1.0 suffers from a PHP code injection vulnerability.

Medical Card Generations System 1.0 SQL Injection

Medical Card Generations System version 1.0 suffers from a remote SQL injection vulnerability.

Maid Hiring Management System 1.0 Insecure Settings

Maid Hiring Management System version 1.0 suffers from an ignored default credential vulnerability.

Emergency Ambulance Hiring Portal 1.0 PHP Code Injection

Emergency Ambulance Hiring Portal version 1.0 suffers from a PHP code injection vulnerability.

Rising Tide of Software Supply Chain Attacks: An Urgent Problem

Understanding a threat is just as important as the steps taken toward prevention.

Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void). "It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing third-party software," Russian antivirus

Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns. "Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate Bill said in an analysis published today. "However, Selenium Grid's default configuration lacks

Siemens Industrial Edge Management

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).

1. EXECUTIVE SUMMARY

CVSS v4 10.0
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Siemens
Equipment: Industrial Edge Management
Vulnerability: Authorization Bypass Through User-Controlled Key

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to impersonate other devices onboarded to the system.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Siemens products are affected:

Industrial Edge Management Pro: Versions prior to V1.9.5
Industrial Edge Management Virtual: Versions prior to V2.3.1-1

3.2 Vulnerability Overview

3.2.1 AUTHORIZATION BYPASS THROUGH USER-CONTROLLED KEY CWE-639

Affe...