Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Delta Dental Hit with 7 Million User Data Breach in MOVEit-Linked Attack

By Waqas Since its emergence in May 2023, the MOVEit vulnerability has been exploited by the Russian-linked Cl0p ransomware gang,… This is a post from HackRead.com Read the original post: Delta Dental Hit with 7 Million User Data Breach in MOVEit-Linked Attack

HackRead
Open in Source
#vulnerability#web#ios#apple#google#pdf#zero_day
Chrome starts the countdown to the end of tracking cookies

Google will soon roll out its Tracking Protection feature to some randomly chosen users in order to prepare for a full deployment.

American Fuzzy Lop plus plus 4.09c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Google's New Tracking Protection in Chrome Blocks Third-Party Cookies

Google on Thursday announced that it will start testing a new feature called "Tracking Protection" starting January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy

GHSA-3mv5-343c-w2qg: Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut

The `Ref` methods `into_ref`, `into_mut`, `into_slice`, and `into_slice_mut` are unsound and may allow safe code to exhibit undefined behavior when used with `Ref<B, T>` where `B` is [`cell::Ref`](https://doc.rust-lang.org/core/cell/struct.Ref.html) or [`cell::RefMut`](https://doc.rust-lang.org/core/cell/struct.RefMut.html). Note that these methods remain sound when used with `B` types other than `cell::Ref` or `cell::RefMut`. See https://github.com/google/zerocopy/issues/716 for a more in-depth analysis. The current plan is to yank the affected versions soon. See https://github.com/google/zerocopy/issues/679 for more detail.

CVE-2023-6707: Stable Channel Update for Desktop

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2023-49151: WordPress Google Calendar Events plugin <= 3.2.6 - Cross Site Scripting (XSS) vulnerability - Patchstack

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Calendar Simple Calendar – Google Calendar Plugin allows Stored XSS.This issue affects Simple Calendar – Google Calendar Plugin: from n/a through 3.2.6.

Ten Years Later, New Clues in the Target Breach

On Dec. 18, 2013, KrebsOnSecurity broke the news that U.S. retail giant Target was battling a wide-ranging computer intrusion that compromised more than 40 million customer payment cards over the previous month. The malware used in the Target breach included the text string "Rescator," which also was the handle chosen by the cybercriminal who was selling all of the cards stolen from Target customers. Ten years later, KrebsOnSecurity has uncovered new clues about the real-life identity of Rescator.

Apple now requires a judges order to hand over your push notification data

Apple has changed its legal process guidelines to reflect it now requires a judge's order to hand over information about its customers' push notifications.

Chrome V8 Type Confusion / New Sandbox Escape

Proof of concept exploit for CVE-2023-3079 that leverages a type confusion in V8 in Google Chrome versions prior to 114.0.5735.110. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This variant of the exploit applies a new technique to escape the sandbox.