Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2023-45813: Inefficient Regular Expression Complexity in validate_link

Torbot is an open source tor network intelligence tool. In affected versions the `torbot.modules.validators.validate_link function` uses the python-validators URL validation regex. This particular regular expression has an exponential complexity which allows an attacker to cause an application crash using a well-crafted argument. An attacker can use a well-crafted URL argument to exploit the vulnerability in the regular expression and cause a Denial of Service on the system. The validators file has been removed in version 4.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE
Open in Source
#vulnerability#dos#git#intel
FBI: Hackers Are Extorting Plastic Surgery Providers, Patients

The sensitive nature of medical records, combined with providers' focus on patient care, make small doctor's offices ideal targets for cyber extortion.

Qubitstrike Malware Hits Jupyter Notebooks for Cryptojacking and Cloud Data

By Deeba Ahmed Qubitstrike Malware Uses Discord for C2 Communications in Cryptojacking Campaign Targeting Jupyter Notebooks. This is a post from HackRead.com Read the original post: Qubitstrike Malware Hits Jupyter Notebooks for Cryptojacking and Cloud Data

Clever malvertising attack uses Punycode to look like KeePass's official website

Categories: Threat Intelligence Tags: malvertising Tags: keepass Tags: punycode Tags: malware Tags: ads Tags: google Threat actors are doubling down on brand impersonation by using lookalike domain names. (Read more...) The post Clever malvertising attack uses Punycode to look like KeePass's official website appeared first on Malwarebytes Labs.

Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems

The hacktivists known as SiegedSec identify ICS targets, but there's no evidence of attacks yet.

Israeli Cybersecurity Startups: Impact of a Growing Conflict

For Israeli startups and those closely linked to the country, the deepening crisis in the Middle East following the deadly Hamas attacks of Oct. 7 pose a fraught mix of complications.

Critical Citrix NetScaler Flaw Exploited to Target from Government, Tech Firms

Citrix is warning of exploitation of a recently disclosed critical security flaw in NetScaler ADC and Gateway appliances that could result in exposure of sensitive information. Tracked as CVE-2023-4966 (CVSS score: 9.4), the vulnerability impacts the following supported versions - NetScaler ADC and NetScaler Gateway 14.1 before 14.1-8.50 NetScaler ADC and NetScaler Gateway 13.1 before

Jupyter Notebook Ripe for Cloud Credential Theft, Researchers Warn

If not correctly locked down, Jupyter Notebook offers a novel initial access vector that hackers can use to compromise enterprise cloud environments, as seen in a recent hacking incident.

CVE-2023-3254: Widgets for Google Reviews <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset — Wordfence Intelligence

The Widgets for Google Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.9. This is due to missing or incorrect nonce validation within setup_no_reg_header.php. This makes it possible for unauthenticated attackers to reset plugin settings and remove reviews via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-5538: MpOperationLogs <= 1.0.1 - Unauthenticated Stored Cross-Site Scripting — Wordfence Intelligence

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.