Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Tailscale VPN nodes vulnerable to DNS rebinding, RCE

Users should manually update to the latest version now

PortSwigger
Open in Source
#xss#web#mac#windows#js#git#java#intel#rce#samba#auth#firefox
CVE-2022-24441: feat: add workspace trust (#217) · snyk/snyk-visual-studio-plugin@0b53dbb

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering - to coerce an untrusted project to be downloaded and analyzed via the Snyk CLI or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature then the target folder must be marked as ‘trusted’ in order to be vulnerable. **NOTE:** This issue is independent of the one reported in [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342), and upgrading to a fixed version for this addresses t...

CVE-2022-4231: bug-report/vendors/tribalsystems/zenario/session-fixation at main · lithonn/bug-report

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.

Chinese Cyber Espionage Hackers Using USB Devices to Target Entities in Philippines

A threat actor with a suspected China nexus has been linked to a set of espionage attacks in the Philippines that primarily relies on USB devices as an initial infection vector. Mandiant, which is part of Google Cloud, is tracking the cluster under its uncategorized moniker UNC4191. An analysis of the artifacts used in the intrusions indicates that the campaign dates as far back as September

How to Use Cyber Deception to Counter an Evolving and Advanced Threat Landscape

Organizations must be prepared to root out bad actors by any means possible, even if it means setting traps and stringing lures.

Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw

The vulnerability, disclosed In October, gives an unauthenticated attacker a way to take control of an affected product.

Crucial Tips for Secure Form Submissions

By Waqas Ensuring that the forms you – or your clients – use to send and receive information via your… This is a post from HackRead.com Read the original post: Crucial Tips for Secure Form Submissions

Fake COVID-19 Tracking App Spreads Punisher Ransomware

By Deeba Ahmed Currently, the new campaign involving Punisher ransomware is targeting users in Chile. This is a post from HackRead.com Read the original post: Fake COVID-19 Tracking App Spreads Punisher Ransomware