Security
Headlines
HeadlinesLatestCVEs

Tag

#google

A week in security (August 19 – August 25)

A list of topics we covered in the week of August 19 to August 25 of 2024

Malwarebytes
#vulnerability#google#zero_day#chrome
New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards

Cybersecurity researchers have uncovered new Android malware that can relay victims' contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia. The malware "has

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the "Change Favicon" feature that could allow a threat actor to

Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

Meta Platforms on Friday became the latest company after Microsoft, Google, and OpenAI to expose the activities of an Iranian state-sponsored threat actor, who it said used a set of WhatsApp accounts that attempted to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The activity cluster, which originated from Iran, "appeared to have focused on political and diplomatic

New PEAKLIGHT Dropper Deployed in Attacks Targeting Windows with Malicious Movie Downloads

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader," Google-owned Mandiant said. "This PowerShell-based downloader is being tracked as PEAKLIGHT." Some of

Crime Complaints Reporting Management System 1.0 Shell Upload

Crime Complaints Reporting Management System version 1.0 suffers from a remote shell upload vulnerability.

Courier Management System 1.0 Cross Site Request Forgery

Courier Management System version 1.0 suffers from a cross site request forgery vulnerability.

Company Visitor Management 1.0 SQL Injection

Company Visitor Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

CMSsite 1.0 Shell Upload

CMSsite version 1.0 suffers from a remote shell upload vulnerability.

CMS RIMI 1.3 Cross Site Request Forgery / File Upload

CMS RIMI version 1.3 suffers from cross site request forgery and arbitrary file upload vulnerabilities.