Tag
#git
The CISO role has evolved from a strictly technical position to one that increasingly requires business acumen. Here are some things you need to know.
A new cyber attack campaign has been observed using spurious MSIX Windows app package files for popular software such as Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex to distribute a novel malware loader dubbed GHOSTPULSE. "MSIX is a Windows app package format that developers can leverage to package, distribute, and install their applications to Windows users," Elastic
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (`spec.ports[*].port`) as a LoadBalancer Service when the LoadBalancer controller does not set the `status.loadBalancer.ingress[].ip` field. Clusters where the LoadBalancer controller sets the `status.loadBalancer.ingress[].ip` field are unaffected.
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.
Dynamically generated ads can be problematic when the content they are created from has been compromised. The post 'Accidental' malvertising via Dynamic Search Ads delivers malware frenzy appeared first on Malwarebytes Labs.