Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2023-29334: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

Microsoft Security Response Center
Open in Source
#vulnerability#web#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
CVE-2023-28261

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVE-2023-28286

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Google Gets Court Order to Take Down CryptBot That Infected Over 670,000 Computers

Google on Wednesday said it obtained a temporary court order in the U.S. to disrupt the distribution of a Windows-based information-stealing malware called CryptBot and "decelerate" its growth. The tech giant's Mike Trinh and Pierre-Marc Bureau said the efforts are part of steps it takes to "not only hold criminal operators of malware accountable, but also those who profit from its distribution.

ChurchCRM 4.5.3 SQL Injection

ChurchCRM versions 4.5.3 and below suffer from a remote SQL injection vulnerability.

Paperbug Attack: New Politically-Motivated Surveillance Campaign in Tajikistan

A little-known Russian-speaking cyber-espionage group has been linked to a new politically-motivated surveillance campaign targeting high-ranking government officials, telecom services, and public service infrastructures in Tajikistan. The intrusion set, dubbed Paperbug by Swiss cybersecurity company PRODAFT, has been attributed to a threat actor known as Nomadic Octopus (aka DustSquad). "The

CVE-2023-2294: UCMS1.6/README.md at main · yztale/UCMS1.6

A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability.

CVE-2023-30417: pear-admin-boot存在存储式跨站脚本漏洞 · Issue #I6SXHX · Pear Admin/Pear Admin Boot - Gitee.com

A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.

Debian Security Advisory 5393-1

Debian Linux Security Advisory 5393-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

A week in security (April 17 - 23)

Categories: News Tags: fake Chrome update Tags: AirBnb scam Tags: fake IRS tax email Tags: Ransomware in Germany report Tags: Living Off The Land Tags: LOTL attack Tags: ALPHV ransomware Tags: ransomware Tags: spring cleaning your browser Tags: lost injured dog Facebook hoax Tags: Facebook hoax Tags: swatting-as-aservice Tags: LockBit ransomware Tags: Instagram scam Tags: Domino Backdoor Tags: Malwarebytes Admin Tags: Fancy Bear Tags: tech support scam Tags: QBot Tags: Chrome zero-day Tags: Facebook Tags: Cambridge Analytica settlement claim The most interesting security related news from the week of April 17 - 23. (Read more...) The post A week in security (April 17 - 23) appeared first on Malwarebytes Labs.