Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

By Deeba Ahmed The latest attack against Exchange servers utilizes at least two new flaws (CVE-2022-41040, CVE-2022-41082) that have been assigned CVSS scores of 6.3 and 8.8. This is a post from HackRead.com Read the original post: Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

HackRead
Open in Source
#vulnerability#google#microsoft#backdoor#oauth#auth#zero_day
CVE-2021-36855: Booking Ultra Pro Appointments Booking Calendar Plugin

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.

CVE-2022-40277: GitHub - laurent22/joplin: Joplin - an open source note taking and to-do application with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.

Top 5 Mobile Commerce Trends in 2022

By Owais Sultan Due to its many benefits, mobile commerce has been growing quickly over the last several years. The need… This is a post from HackRead.com Read the original post: Top 5 Mobile Commerce Trends in 2022

Gentoo Linux Security Advisory 202209-23

Gentoo Linux Security Advisory 202209-23 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 105.0.5195.125 are affected.

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.

New Malware Families Found Targeting VMware ESXi Hypervisors

Threat actors have been found deploying never-before-seen post-compromise implants in VMware's virtualization software to seize control of infected systems and evade detection. Google's Mandiant threat intelligence division referred to it as a "novel malware ecosystem" that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access

With the Software Supply Chain, You Can't Secure What You Don't Measure

Reports to the National Vulnerability Database jumped in 2022, but we should pay just as much attention to the flaws that are not being reported to NVD, including those affecting the software supply chain.

Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws

Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.