Tag

#chrome

Key takeaways from Malwarebytes 2023 State of Mobile Cybersecurity

We asked 250 schools and hospitals about their mobile security posture, including Chromebooks. Here’s what we found out. Categories: Business. Source: Malwarebytes Labs.

Malwarebytes
#ios#android#chrome
Samsung Galaxy Store App Found Vulnerable to Sneaky App Installs and Fraud

Two security flaws have been disclosed in Samsung's Galaxy Store app for Android that could be exploited by a local attacker to stealthily install arbitrary apps or direct prospective victims to fraudulent landing pages on the web. The issues, tracked as CVE-2023-21433 and CVE-2023-21434, were discovered by NCC Group and notified to the South Korean chaebol in November and December 2022. Samsung

4 ways to protect your privacy while scrolling

For every level of privacy awareness, there are layers you can use to protect yourself. Here are four suggestions. Categories: News, Privacy. Tags: Privacy, browser, VPN, BrowserGuard. Source: Malwarebytes Labs.

CVE-2023-23314: File upload ssh authorized_keys causes RCE · Issue #90 · helloxz/zdir

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.

CVE-2022-46959: Back up files in any directory through directory traversal · Issue #56 · go-sonic/sonic

An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.

A week in security (January 16—22)

The most interesting security related news from the week of January 16-22. Categories: News. Tags: Google, Rust, Chromium, Mailchimp, SweepWizard, bossware, TikTok, surveillance firm, Voyager Labs, TracketPacer, Facebook, Instagram, Vice Society, Liquor Control Board of Ontario, Zoho ManageEngine, GitHub, LastPass, Git flaw, ransomware, credit card fraud. Source: Malwarebytes Labs.

CVE-2021-29368: Session Fixation in CuppaCMS · Issue #8 · CuppaCMS/CuppaCMS

Session fixation vulnerability in CuppaCMS through commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.

CVE-2020-23256: Electron has serious security vulnerability · Issue #1686 · electerm/electerm

An issue discovered in Electerm 1.3.22 allows attackers to execute arbitrary code via an unverified request to Electerm's service.

Roaming Mantis Spreading Mobile Malware That Hijacks Wi-Fi Routers' DNS Settings

Threat actors associated with the Roaming Mantis attack campaign have been observed delivering an updated variant of their patent mobile malware known as Wroba to infiltrate Wi-Fi routers and undertake Domain Name System (DNS) hijacking. Kaspersky, which carried out an analysis of the malicious artifact, said the feature is designed to target specific Wi-Fi routers located in South Korea.

CVE-2022-48122: ttt/17 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.