Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

The Feds Gear Up for a Privacy Crackdown

Plus: Cisco gets hit by ransomware, Twilio gets phished, a new way to fight email spammers, and much more.

Wired
Open in Source
#web#ios#apple#google#cisco#acer#auth#sap
A Single Flaw Broke Every Layer of Security in MacOS

An injection flaw allowed a researcher to access all files on a Mac. Apple issued a fix, but some machines may still be vulnerable.

Threat Roundup for August 5 to August 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 5 and Aug. 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 25...

CVE-2022-35585: Cross-site Scripting (XSS) - Stored in forkcms

A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter

CVE-2022-35587: Cross-site Scripting (XSS) - Generic in forkcms

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter

CVE-2022-35589: Cross-site Scripting (XSS) - Generic in forkcms

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.

Sounding the Alarm on Emergency Alert System Flaws

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System -- a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts. The DHS warning came in advance of a workshop to be held this weekend at the DEFCON security conference in Las Vegas, where a security researcher is slated to demonstrate multiple weaknesses in the nationwide alert system.

Viral video drives malvertising on social media platform

Tech support scammers are leveraging social media giant Facebook to lure users into clicking on a viral article. (Read more...) The post Viral video drives malvertising on social media platform appeared first on Malwarebytes Labs.

Novel Ransomware Comes to the Sophisticated SOVA Android Banking Trojan

Unusually, SOVA, which targets US users, now allows lateral movement for deeper data access. Version 5 adds an encryption capability.

Facebook’s In-app Browser on iOS Tracks ‘Anything You Do on Any Website’

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.