Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2023-4645: Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai_ajax — Wordfence Intelligence

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs (including those of protected posts along with their passwords), usernames, available roles, the plugin license key provided the remote debugging option is enabled. In the default state it is disabled.

CVE
Open in Source
#vulnerability#wordpress#intel#perl#auth
Who’s Responsible for the Gaza Hospital Explosion? Here’s Why It’s Hard to Know What’s Real

A flood of false information, partisan narratives, and weaponized “fact-checking" has obscured efforts to find out who’s responsible for an explosion at a hospital in Gaza.

CVE-2023-45813: Inefficient Regular Expression Complexity in validate_link

Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

FBI: Hackers Are Extorting Plastic Surgery Providers, Patients

The sensitive nature of medical records, combined with providers' focus on patient care, make small doctor's offices ideal targets for cyber extortion.

Qubitstrike Malware Hits Jupyter Notebooks for Cryptojacking and Cloud Data

By Deeba Ahmed Qubitstrike Malware Uses Discord for C2 Communications in Cryptojacking Campaign Targeting Jupyter Notebooks. This is a post from HackRead.com Read the original post: Qubitstrike Malware Hits Jupyter Notebooks for Cryptojacking and Cloud Data

Clever malvertising attack uses Punycode to look like KeePass's official website

Categories: Threat Intelligence Tags: malvertising Tags: keepass Tags: punycode Tags: malware Tags: ads Tags: google Threat actors are doubling down on brand impersonation by using lookalike domain names. (Read more...) The post Clever malvertising attack uses Punycode to look like KeePass's official website appeared first on Malwarebytes Labs.

Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems

The hacktivists known as SiegedSec identify ICS targets, but there's no evidence of attacks yet.

Israeli Cybersecurity Startups: Impact of a Growing Conflict

For Israeli startups and those closely linked to the country, the deepening crisis in the Middle East following the deadly Hamas attacks of Oct. 7 pose a fraught mix of complications.

Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms

Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler ADC and NetScaler Gateway 13.1 before

Jupyter Notebook Ripe for Cloud Credential Theft, Researchers Warn

If not correctly locked down, Jupyter Notebook offers a novel initial access vector that hackers can use to compromise enterprise cloud environments, as seen in a recent hacking incident.