Tag
Data associated with a subset of registered customers of VirusTotal, including their names and email addresses, have leaked on the internet. The security incident, which comprises a database of 5,600 names in a 313KB file, was first disclosed by Der Spiegel and Der Standard yesterday. Launched in 2004, VirusTotal is a popular service that analyzes suspicious files and URLs to detect types of
Categories: Threat Intelligence Tags: fakeupdates Tags: socgholish Tags: netsupport Tags: RAT A new campaign leveraging compromised WordPress sites emerges with another fake browser update. (Read more...) The post FakeSG enters the 'FakeUpdates' arena to deliver NetSupport RAT appeared first on Malwarebytes Labs.
The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation.
An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.
By Habiba Rashid Alarmingly, the leaked data also contained 969,571 images of users, some of which were sexually explicit in nature. This is a post from HackRead.com Read the original post: Database Mess Up Exposed PII and Photos of 2.3M Dating App Users
WinterCMS versions prior to 1.2.3 suffer from a persistent cross site scripting vulnerability.
The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack
The Caldera Forms Google Sheets Connector WordPress plugin through 1.2 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack
Threat actors are taking advantage of Android's WebAPK technology to trick unsuspecting users into installing malicious web apps on Android phones that are designed to capture sensitive personal information. "The attack began with victims receiving SMS messages suggesting the need to update a mobile banking application," researchers from CSIRT KNF said in an analysis released last week. "The
Categories: Exploits and vulnerabilities Categories: News Tags: Zimbra Tags: MalasLocker Tags: vulnerability Tags: Google Tags: actively exploited Tags: fn:escapeXml Security experts are warning Zimbra users that a vulnerability for which there is no patch is being actively exploited in the wild. (Read more...) The post Act now! In-the-wild Zimbra vulnerability needs a workaround appeared first on Malwarebytes Labs.