Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2023-37790: Clarity PPM 14.3.0.298 Cross Site Scripting ≈ Packet Storm

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.

CVE
#xss#vulnerability#web#windows#auth#chrome#webkit
CVE-2023-5996: Stable Channel Update for Desktop

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

ThreatDown powered by Malwarebytes: A 15 Year Journey

With the release of ThreatDown, let's take a look at Malwarebytes' 15-year legacy and what's next.

IBM X-Force Discovers Gootloader Malware Variant- GootBot

By Deeba Ahmed GootBot: New Gootloader Variant Evades Detection with Stealthy Lateral Movement. This is a post from HackRead.com Read the original post: IBM X-Force Discovers Gootloader Malware Variant- GootBot

Okta breach happened after employee logged into personal Google account

Okta has concluded that the root cause of its breach was an employee storing company credentials in a private Google account.

CVE-2023-47102: Quantiano

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.

CVE-2023-36409

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Okta Breach Linked to Employee’s Google Account, Affects 134 Customers

By Waqas Some of the most prominent victims of the data breach include Cloudflare, 1Password, and BeyondTrust. This is a post from HackRead.com Read the original post: Okta Breach Linked to Employee’s Google Account, Affects 134 Customers

Google Launches Verification Badges for Security Tested VPN Apps

By Deeba Ahmed The new feature will add an Independent Security Review badge at the top of the Google Play search results page when users search for VPN apps.  This is a post from HackRead.com Read the original post: Google Launches Verification Badges for Security Tested VPN Apps

CVE-2023-5950: Release Release 0.7.0 · Velocidex/velociraptor

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).