Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Highlights from the New U.S. Cybersecurity Strategy

The Biden administration today issued its vision for beefing up the nation's collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House's new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and names China as the single biggest cyber threat to U.S. interests.

Krebs on Security
Open in Source
#web#ios#mac#git#intel#pdf#botnet#auth#blog
CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds

The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language.

CVE-2023-0084: Metform Elementor Contact Form Builder <= 3.1.2 - Unauthenticated Stored Cross-Site Scripting — Wordfence Intelligence Community Edition

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, which is the submissions page.

What GoDaddy's Years-Long Breach Means for Millions of Clients

The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do.

CVE-2023-1155: Cost Calculator <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — Wordfence Intelligence Community Edition

The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2023-0085: Metform Elementor Contact Form Builder <= 3.2.1 - reCaptcha Protection Bypass — Wordfence Intelligence Community Edition

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthenticated attackers to bypass Captcha restrictions and for attackers to utilize bots to submit forms.

New Report: Inside the High Risk of Third-Party SaaS Apps

A new report from Adaptive Shield looks at the how volume of applications being connected to the SaaS stack and the risk they represent to company data.

Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI

A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind. "The 'Colour-Blind' malware points to the democratization of cybercrime that could lead to an

Internet Explorer users still targeted by RIG exploit kit

Categories: News Tags: RIG EK Tags: exploit kit Tags: MakeMoney Tags: Internet Explorer Tags: Jerome Segura The RIG Exploit Kit is one of the last major exploit kits that still targets the legacy Internet Explorer browser. (Read more...) The post Internet Explorer users still targeted by RIG exploit kit appeared first on Malwarebytes Labs.