Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers

The Hacker News
Open in Source
#web#git#The Hacker News
Top MITRE ATT&CK Techniques and How to Defend Against Them

A cheat sheet for all of the most common techniques hackers use, and general principles for stopping them.

Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.

Active Nitrogen campaign delivered via malicious ads for PuTTY, FileZilla

Threat actors once again target system administrators via their favorite tools. Learn more about their TTPs and use the IOCs provide to investigate.

GHSA-j55w-hjpj-825g: Contao: Insufficient BBCode sanitizer

### Impact If BBCode is enabled for comments, users can inject CSS styles. ### Patches Update to Contao 4.13.40 or 5.3.4. ### Workarounds Disable BBCode for comments. ### References https://contao.org/en/security-advisories/insufficient-bbcode-sanitization ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

GHSA-747v-52c4-8vj8: Contao: Unencoded insert tags in the frontend

### Impact It is possible to inject insert tags via the form generator if the submitted form data is output on the page in a specific way. ### Patches Update to Contao 4.13.40 or 5.3.4. ### Workarounds Do not output the submitted form data on the website. ### References https://contao.org/en/security-advisories/insert-tag-injection-via-the-form-generator ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose).

GHSA-v24p-7p4j-qvvf: Contao: Cross site scripting in the file manager

### Impact Users can insert malicious code into file names when uploading files, which is then executed in tooltips and popups in the backend. ### Patches Update to Contao 4.13.40 or Contao 5.3.4. ### Workarounds Disable uploads for untrusted users. ### References https://contao.org/en/security-advisories/cross-site-scripting-in-the-file-manager ### For more information If you have any questions or comments about this advisory, open an issue in [contao/contao](https://github.com/contao/contao/issues/new/choose). ### Credits Thanks to Alexander Wuttke for reporting this vulnerability.

EV Charging Stations Still Riddled With Cybersecurity Vulnerabilities

As more electric vehicles are sold, the risk to compromised charging stations looms large alongside the potential for major cybersecurity exploits.