Tag

#git

27 Malicious PyPI Packages with Thousands of Downloads Found Targeting IT Experts

An unknown threat actor has been observed publishing typosquat packages to the Python Package Index (PyPI) repository for nearly six months with an aim to deliver malware capable of gaining persistence, stealing sensitive data, and accessing cryptocurrency wallets for financial gain. The 27 packages, which masqueraded as popular legitimate Python libraries, attracted thousands of downloads,

The Hacker News

Reflecting on 20 years of Patch Tuesday

This year is a landmark moment for Microsoft as we observe the 20th anniversary of Patch Tuesday updates, an initiative that has become a cornerstone of the IT world’s approach to cybersecurity. Originating from the Trustworthy Computing memo by Bill Gates in 2002, our unwavering commitment to protecting customers continues to this day and is reflected in Microsoft’s Secure Future Initiative announced this month.

U.S. Cybersecurity Agencies Warn of Scattered Spider's Gen Z Cybercrime Ecosystem

U.S. cybersecurity and intelligence agencies have released a joint advisory about a cybercriminal group known as Scattered Spider that's known to employ sophisticated phishing tactics to infiltrate targets. "Scattered Spider threat actors typically engage in data theft for extortion using multiple social engineering techniques and have recently leveraged BlackCat/ALPHV ransomware alongside their

GHSA-36fr-3wg8-q5v8: Concrete CMS Cross-site Scripting vulnerability

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name.

GHSA-m87h-jxr6-f82w: Concrete CMS allows unauthorized access because directories can be created with insecure permissions

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified.

CVE-2023-41102: Release OpenNDS v10.1.3 release · openNDS/openNDS

An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory.

CVE-2023-38324: Release OpenNDS v10.1.2 release · openNDS/openNDS

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default).

CVE-2023-47675: CubeCart 6.5.3 Released - Security Update

CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.

CVE-2023-48659: Comparing v2.4.175...v2.4.176 · MISP/MISP

An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.

GHSA-q27h-hw2v-x5jm: Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component

An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component.