Tag

#google

Phishers Now Actively Automating Scams with Telegram

By Waqas. In addition to phishing activities, researchers have observed a rise in Telegram channels being used to sell online banking credentials. This is a post from HackRead.com.

Pinduoduo, a Top Chinese Shopping App, Is Laced With Malware

Plus: 119 arrested during a sting on the Genesis dark-web market, the IRS aims to buy an online mass surveillance tool, and more.

Apple Releases Updates to Address Zero-Day Flaws in iOS, iPadOS, macOS, and Safari

Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild. The two vulnerabilities are as follows - CVE-2023-28205 - A use after free issue in WebKit that could lead to arbitrary code execution when processing specially crafted web content. CVE-2023-28206 - An out-of-bounds write issue in

CVE-2023-23762: Release notes - GitHub Enterprise Server 3.7 Docs

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.

CVE-2023-25712: WordPress Opt-Out for Google Analytics plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions.

Microsoft Takes Legal Action to Disrupt Cybercriminals' Illegal Use of Cobalt Strike Tool

Microsoft said it teamed up with Fortra and Health Information Sharing and Analysis Center (Health-ISAC) to tackle the abuse of Cobalt Strike by cybercriminals to distribute malware, including ransomware. To that end, the tech giant's Digital Crimes Unit (DCU) revealed that it secured a court order in the U.S. to "remove illegal, legacy copies of Cobalt Strike so they can no longer be used by

Free VPN Amnezia Helps Users Avoid Censorship in Russia

Amnezia, a free virtual private network, allows users to set up their own servers, making it harder for Moscow to block this portal to the outside world.

Fight AI With AI

By developing new tools to defend against adversarial AI, companies can help ensure that artificial intelligence is developed and used in a responsible and safe manner.

CVE-2023-1931: WordPress Security Plugin | Wordfence

[PUSHED PREMATURELY] Information temporarily redacted until it should be made public.

'BEC 3.0' Is Here With Tax-Season QuickBooks Cyberattacks

In next-gen, credential-harvesting attacks, phishing emails use cloud services and are free from the typical bad grammar or typos they've traditionally used (and which users have learned to spot).