Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products

Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.

DARKReading
#vulnerability#web#ios#mac#windows#apple#google#microsoft#cisco#rce#vmware#zero_day#chrome#ssl
Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

By Waqas Pinduoduo has confirmed the incident, but denied the presence of malware in its app. This is a post from HackRead.com Read the original post: Google Suspends Chinese Shopping App Pinduoduo Over Malware Concerns

Python CGI Documentation Cross Site Scripting

The documentation for the python CGI module suffers from a cross site scripting vulnerability.

New Kritec Magecart skimmer found on Magento stores

Categories: Threat Intelligence Tags: Magecart Tags: skimmer Tags: Kritect Tags: Magento Compromised online stores have been injected with skimmers hiding around the Google Tag Manager script. We identified a new one that looked similar at first but is part of a different campaign. (Read more...) The post New Kritec Magecart skimmer found on Magento stores appeared first on Malwarebytes Labs.

Google Pixel: Cropped or edited images can be recovered

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Pixel Tags: Markup Tags: CVE-2023-21036 Tags: recover Tags: PNG Tags: truncated A vulnerability in the Markup tool that comes pre-installed on Pixel phones allows anyone with access to the edited image to view parts of the original. (Read more...) The post Google Pixel: Cropped or edited images can be recovered appeared first on Malwarebytes Labs.

CVE-2023-28725: Changelog | GENERAL BYTES

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.

GHSA-fcmm-54jp-7vf6: Frontier's modexp precompile is slow for even modulus

### Impact Frontier's `modexp` precompile uses `num-bigint` crate under the hood. [In the implementation](https://github.com/rust-num/num-bigint/blob/6f2b8e0fc218dbd0f49bebb8db2d1a771fe6bafa/src/biguint/power.rs#L134), the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost discrepancy was not accounted for in the `modexp` precompile, leading to possible denial of service attacks. ### Patches No fixes for `num-bigint` is currently available, and thus this advisory will be first fixed in the short term by raising the gas costs for even modulus, and in the long term fixing it in `num-bigint` or switching to another modexp implementation. The short-term fix for Frontier is deployed at [PR 1017](https://github.com/paritytech/frontier/pull/1017). The recommendations are as follows: - If you anticipate malicious validators, it's recommended to ...

CVE-2023-1530

Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-1533

Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)