Security
Headlines
HeadlinesLatestCVEs

Tag

#google

You Should Update Apple iOS and Google Chrome ASAP

Plus: Microsoft patches over 60 vulnerabilities, Mozilla fixes two Firefox zero-day bugs, Google patches 40 issues in Android, and more.

Wired
Open in Source
#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#cisco#java#rce#vmware#zero_day#chrome#firefox#sap
Apple Security Advisory 03-25-2024-1

Apple Security Advisory 03-25-2024-1 - Safari 17.4.1 addresses code execution and out of bounds write vulnerabilities.

Apple Security Advisory 03-25-2024-2

Apple Security Advisory 03-25-2024-2 - macOS Sonoma 14.4.1 addresses code execution and out of bounds write vulnerabilities.

Jeffrey Epstein's Island Visitors Exposed by Data Broker

A WIRED investigation uncovered coordinates collected by a controversial data broker that reveal sensitive information about visitors to an island once owned by Epstein, the notorious sex offender.

Google TAG Reports Zero-Day Surge and Rise of State Hacker Threats

By Waqas Google’s Threat Analysis Group (TAG) reports a concerning rise in zero-day exploits and increased activity from state-backed hackers.… This is a post from HackRead.com Read the original post: Google TAG Reports Zero-Day Surge and Rise of State Hacker Threats

Chinese APTs Targeted ASEAN During Summit with Espionage Malware

By Waqas The cyberattack occurred in the first week of March 2024 during the ASEAN-Australia Special Summit in Melbourne. This is a post from HackRead.com Read the original post: Chinese APTs Targeted ASEAN During Summit with Espionage Malware

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple's password reset feature. In this scenario, a target's Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds "Allow" or "Don't Allow" to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user's account is under attack and that Apple support needs to "verify" a one-time code.

YouTube ordered to reveal the identities of video viewers

Federal authorities have asked Google to reveal the identities of people that watched certain videos in at least two investigations.

GHSA-qgxx-4xv5-6hcw: phpMyFAQ SQL Injection at "Save News"

### Summary A SQL injection vulnerability has been discovered in the the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. ### Details The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. ### PoCs 4 PoCs are demonstrated here to illustrate the potential impacts. #### PoC 1 - Postgres Time Based SQLi 1. Login as admin or any user with the rights to view and save news. 2. Navigate to "../phpmyfaq/admin/?action=news", click on "Add news", fill in some data, send and...