Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Google Chrome 103.0.5060.53 Autofill Assistant Universal Cross Site Scripting

Google Chrome version 103.0.5060.53 suffers from an Autofill Assistant universal cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#web#android#google#js#java#perl#chrome
Windows Kerberos RC4 MD4 Encryption Downgrade Privilege Escalation

The Windows KDC allows an interposing attacker to downgrade to RC4 MD4 encryption in compromising the user's TGT session key resulting in escalation of privilege.

Meet Plexus, An AI-based Browser Security Solution from LayerX

By Waqas With the increasing use of the internet, browser security has become an important issue. Malware, phishing, and adware… This is a post from HackRead.com Read the original post: Meet Plexus, An AI-based Browser Security Solution from LayerX

Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)

CVE-2022-42004: Add check in `BeanDeserializer._deserializeFromArray()` to prevent use of deeply nested arrays · Issue #3582 · FasterXML/jackson-databind

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

Chinese Hackers Hiding Malware in Windows Logo

By Waqas Going by the name of Witchetty; the hacker group is targeting countries in Africa and the Middle East. This is a post from HackRead.com Read the original post: Chinese Hackers Hiding Malware in Windows Logo

Magento 1 vs Magento 2

By Owais Sultan Over the last decade, a couple of aspects have changed within the tech world and Magento is no… This is a post from HackRead.com Read the original post: Magento 1 vs Magento 2

Ubuntu Security Notice USN-5648-1

Ubuntu Security Notice 5648-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

The Challenge of Cracking Iran’s Internet Blockade

People around the world are rallying to subvert Iran's internet shutdown, but actually pulling it off is proving difficult and risky.

CVE-2021-36865: Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress

Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.