Security Headlines

Tag: #git

CVE-2023-37847: 小说精品屋, a GitHub open-source novel system

novel-plus v3.6.2 was discovered to contain a SQL injection vulnerability.

CVE
#sql #vulnerability #redis #git #java #alibaba
South African Power Supplier Hit by DroxiDat Malware

By Deeba Ahmed. Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm… This is a post from HackRead.com. Read the original post: South African Power Supplier Hit by DroxiDat Malware

CVE-2023-4321: prevent xhtml files from being uploaded in the assets manager · Cockpit-HQ/Cockpit@34ab31e

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3.

Identity Threat Detection and Response: Rips in Your Identity Fabric

Why SaaS Security Is a Challenge
In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities. The SaaS security attack surface continues to widen. It started with managing misconfigurations and now requires a

Charming Kitten Targets Iranian Dissidents with Advanced Cyber Attacks

Germany's Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian persons and organizations in the country since the end of 2022. "The cyber attacks were mainly directed against dissident organizations and individuals – such as lawyers, journalists, or human rights activists – inside and outside Iran," the agency said in an advisory. The

New Financial Malware 'JanelaRAT' Targets Latin American Users

Users in Latin America (LATAM) are the target of a financial malware called JanelaRAT that's capable of capturing sensitive information from compromised Microsoft Windows systems. "JanelaRAT mainly targets financial and cryptocurrency data from LATAM bank and financial institutions," Zscaler ThreatLabz researchers Gaetano Pellegrino and Sudeep Singh said, adding it "abuses DLL side-loading

A new type of "freedom," or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17

Categories: Podcast
This week on Lock and Code, we speak with Heather Kelly about how parents are using AirTags to give their kids freedom. (Read more...) The post A new type of "freedom," or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17 appeared first on Malwarebytes Labs.

India Passes New Digital Personal Data Protection Bill (DPDPB), Putting Users' Privacy First

The Indian President Droupadi Murmu on Friday granted assent to the Digital Personal Data Protection Bill (DPDPB) after it was unanimously passed by both houses of the parliament last week, marking a significant step towards securing people's information. "The Bill provides for the processing of digital personal data in a manner that recognizes both the rights of the individuals to protect their

CVE-2023-40303: setuid/setgid return values not checked in rlogin, rsh, rshd and uucpd

GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.

CVE-2023-40293: Dude, It’s my Car: How to develop intimacy with your car!

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.