Tag
#git
The FBI has issued a warning about two related types of fraud: malicious beta-testing apps and crypto recovery schemes. The post "Beware malware posing as beta versions of legitimate apps, warns FBI" appeared first on Malwarebytes Labs.
Google on Tuesday announced the first quantum resilient FIDO2 security key implementation as part of its OpenSK security keys initiative. "This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium's resilience against quantum attacks," Elie Bursztein and Fabian Kaczmarczyck
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-v7v8-gjv7-ffmr. This link is maintained to preserve external references. Original Description: Versions of the package @excalidraw/excalidraw from 0.0.0 are vulnerable to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization.
The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.
Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \inc\function.php.
Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php.
webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.
By Habiba Rashid. A new report from Jon DiMaggio, Chief Security Strategist at Analyst1, “Ransomware Diaries: Volume 3 - LockBit’s Secrets”, exposes LockBit's activities, their targets, and the challenges they've been facing. This is a post from HackRead.com. Read the original post: LockBit Ransomware Gang in Decline, May Be Compromised, Report
DVWA v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at blind\source\high.php.
Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php.