Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Dark Web Pedophiles Using Open-Source AI to Generate CSAM

By Waqas This was revealed by the Internet Watch Foundation, a UK-based internet watchdog. This is a post from HackRead.com Read the original post: Dark Web Pedophiles Using Open-Source AI to Generate CSAM

HackRead
#web#google#microsoft#intel#auth
The security pitfalls of social media sites offering ID-based authentication

Two notable vulnerabilities in Google Chrome should be patched asap, and an allegedly new ransomware-as-a-service group.

China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies

Cybersecurity agencies from Japan and the U.S. have warned of attacks mounted by a state-backed hacking group from China to stealthily tamper with branch routers and use them as jumping-off points to access the networks of various companies in the two countries. The attacks have been tied to a malicious cyber actor dubbed BlackTech by the U.S. National Security Agency (NSA), Federal Bureau of

China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Government and telecom entities have been subjected to a new wave of attacks by a China-linked threat actor tracked as Budworm using an updated malware toolset. The intrusions, targeting a Middle Eastern telecommunications organization and an Asian government, took place in August 2023, with the adversary deploying an improved version of its SysUpdate toolkit, the Symantec Threat Hunter Team,

CVE-2023-5233: Font Awesome Integration <= 5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-5232: Font Awesome More Icons <= 3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Malicious ad served inside Bing's AI chatbot

Categories: Threat Intelligence Tags: bing chat Tags: AI Tags: malvertising Tags: ads Users looking for software downloads may be tricked into visiting malicious websites via their interaction with Bing Chat. (Read more...) The post Malicious ad served inside Bing's AI chatbot appeared first on Malwarebytes Labs.

Using GenAI in Your Business? Here Is What You Need To Know

By Owais Sultan Generative AI is a technology that is still receiving a lot of attention from individuals and businesses to… This is a post from HackRead.com Read the original post: Using GenAI in Your Business? Here Is What You Need To Know

10 new vulnerabilities disclosed by Talos, including use-after-free issue in Google Chrome

Talos disclosed 10 vulnerabilities over the past two weeks affecting a range of software, including the popular Google Chrome web browser.

Ubuntu Security Notice USN-6397-1

Ubuntu Security Notice 6397-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.