Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

TinyTurla-NG in-depth tooling and command and control analysis

Cisco Talos, in cooperation with CERT.NGO, has discovered new malicious components used by the Turla APT. New findings from Talos illustrate the inner workings of the command and control (C2) scripts deployed on the compromised WordPress servers utilized in the compromise we previously disclosed.

TALOS
Open in Source
#web#mac#windows#google#microsoft#cisco#git#wordpress#php#backdoor#auth#ssh#chrome#firefox#ssl
New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers

Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices that could trick users into joining a malicious clone of a legitimate network or allow an attacker to join a trusted network without a password. The vulnerabilities, tracked as CVE-2023-52160 and CVE-2023-52161, have been discovered following a

WordPress 6.4.3 Username Disclosure

WordPress versions 6.4.3 and below appear to suffer from a REST API related username disclosure vulnerability.

GHSA-6wr5-jmpr-mjcx: Uncaught Exception in Macro Expecting Native Function to Exist

The query executor would panic when executing a query containing a call to a built-in SurrealDB function that did not exist. This could occur accidentally in situations where the version of the SurrealDB client was newer than the SurrealDB server or when a pre-parsed query was provided to the server via a newer version of the SurrealDB SDK. ### Impact A client that is authorized to run queries in a SurrealDB server is able to craft and execute a pre-parsed query invoking a nonexistent built-in function, which will cause a panic. This will crash the server, leading to denial of service. ### Patches - Version 1.2.0 and later are not affected by this issue. ### Workarounds Concerned users unable to update may want to limit the ability of untrusted users to run arbitrary SurrealQL queries in the affected versions of SurrealDB. To limit the impact of the denial of service, SurrealDB administrators may also want to ensure that the SurrealDB process is running so that it can be automati...

Savsoft Quiz 6.0 Enterprise Cross Site Scripting

Savsoft Quiz version 6.0 Enterprise suffers from a persistent cross site scripting vulnerability.

SPA-CART CMS 1.9.0.3 Cross Site Scripting

SPA-CART CMS version 1.9.0.3 suffers from a persistent cross site scripting vulnerability.

Gentoo Linux Security Advisory 202402-23

Gentoo Linux Security Advisory 202402-23 - Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution. Versions greater than or equal to 121.0.6167.139 are affected.

Chrome chrome.pageCapture.saveAsMHTML() Extension API Blocked Origin Bypass

Chrome has an issue where the chrome.pageCapture.saveAsMHTML() extension API can be used on blocked origins due to a racy access check.

New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware

By Waqas The #MonikerLink security flaw in Microsoft Outlook allows hackers to execute arbitrary code on the targeted device. This is a post from HackRead.com Read the original post: New MonikerLink Flaw Exposes Outlook Users to Data Theft and Malware

Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload

Adapt CMS version 3.0.3 suffers from persistent cross site scripting and remote shell upload vulnerabilities.