Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

Large eBay malvertising campaign leads to scams

Consumers are being swamped by Google ads claiming to be eBay's customer service.

Malwarebytes
#web#google#git#bitbucket#chrome
GHSA-wvv7-wm5v-w2gv: Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE

### Summary XSS occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. ### Details When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the `general-template.md` template. ``` <p align="center"> <a href="https://www.osmedeus.org"><img alt="Osmedeus" src="https://raw.githubusercontent.com/osmedeus/assets/main/logo-transparent.png" height="140" /></a> <br /> <br /> <strong>Execute Summary Generated by Osmedeus {{Version}} at <em>{{CurrentDay}}</em></strong> <p align="center"> <a href="https://docs.osmedeus.org/"><img src="https://img.shields.io/badge/Documentation-0078D4?style=for-the-badge&logo=GitBook&logoColor=39ff14&labelColor=black&color=black"></a> <a href="https://docs.osmedeus.org/donation/"><img src="https://img.shields.io/badge/Donation-0078D4?style=for-the-badge&logo=GitHub-Sponsors&logoColor=39ff14&labelColor=...

Dark Reading Confidential: Quantum Has Landed, So Now What?

Episode #4: NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs into the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.

New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers

Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions. "ToxicPanda's main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF)," Cleafy researchers Michele Roviello, Alessandro Strino

Debian Security Advisory 5802-1

Debian Linux Security Advisory 5802-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

Inside the Massive Crime Industry That’s Hacking Billion-Dollar Companies

When you download a piece of pirated software, you might also be getting a piece of infostealer malware, and entering a highly complex hacking ecosystem that’s fueling some of the biggest breaches on the planet.

A week in security (October 28 &#8211; November 3)

A list of topics we covered in the week of October 28 to November 3 of 2024

CVE-2024-10488: Chromium: CVE-2024-10488 Use after free in WebRTC

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.68 10/31/2024 130.0.6723.91/.92

CVE-2024-10487: Chromium: CVE-2024-10487: Out of bounds write in Dawn

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.68 10/31/2024 130.0.6723.91/.92

North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack

Threat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations. The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy,