#intel

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.

New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access. "Cloudflared is functionally very similar to ngrok," Nic Finn, a senior threat intelligence analyst at GuidePoint Security, said. "However, Cloudflared differs from ngrok in that it provides a lot more usability for free,

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.

Categories: Personal Tags: letmespy Tags: stalkerware Tags: spy Tags: snoop Tags: install Tags: data Tags: breach Tags: hacked We take a look at reports of an app called LetMeSpy facing an imminent shutdown after a server breach and data deletion incident. (Read more...) The post Server breach could be fatal blow for LetMeSpy appeared first on Malwarebytes Labs.

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.

Categories: Threat Intelligence Tags: malvertising Tags: nft Tags: crypto Tags: wallet Tags: bing Tags: google NFT enthusiasts are getting their wallets drained after clicking on a malicious ad. (Read more...) The post Digital assets continue to be prime target for malvertisers appeared first on Malwarebytes Labs.

An unknown threat actor is using a variant of the Yashma ransomware to target various entities in English-speaking countries, Bulgaria, China, and Vietnam at least since June 4, 2023. Cisco Talos, in a new write-up, attributed the operation with moderate confidence to an adversary of likely Vietnamese origin. "The threat actor uses an uncommon technique to deliver the ransom note," security

In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.

Edge computing has grown from being a niche use case in a handful of industries to offering a major opportunity for enterprises across industries to spread compute power around the world (or universe, as in the case of workloads in space). Edge computing slashes latency times by processing data where the data is being collected, or when it might otherwise be impossible to process because a workload or piece of hardware is disconnected from the network. But when you consider any advanced technology, the question of security and data protection is always top of mind. This is especially true f

Soon after Russian troops invaded Ukraine in February 2022, sensors in the Chernobyl Exclusion Zone reported radiation spikes. A researcher now believes he’s found evidence the data was manipulated.