Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2022-32550: Security advisory for 1Password apps and integrations

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service.

CVE
Open in Source
#vulnerability#ios#android#mac#windows#linux#kubernetes#auth#docker#sap#ssl
CVE-2022-24127: REDCap Change Log - Eastern Virginia Medical School (EVMS), Norfolk, Hampton Roads

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page.

CVE-2022-22444: Security Bulletin: AIX is vulnerable to a denial of service due to lpd (CVE-2022-22444)

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444.

Stealthy Symbiote Linux malware is after financial institutions

Symbiote, the latest malware to hit Linux users, is a parasite more than anything. Protect against this banking credential stealer now! The post Stealthy Symbiote Linux malware is after financial institutions appeared first on Malwarebytes Labs.

Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users

By Deeba Ahmed A Chinese-speaking, technically skilled threat actor distributes backdoored applications to extract cash from victims in the newly discovered… This is a post from HackRead.com Read the original post: Hackers Using Web3 Backdoor Wallets to Steal Seed Phrases from iOS/Android Users

CVE-2021-42675: Internetagentur für Konzept, Design, CMS & eCommerce. – Internetagentur für Konzept, Design, CMS & eCommerce.

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

Instagram scam steals your selfies to trick your friends

Instagram users' IDs are being stolen in a scam aimed at luring their friends into signing up for expensive subscription services. The post Instagram scam steals your selfies to trick your friends appeared first on Malwarebytes Labs.

Linux Malware Deemed ‘Nearly Impossible’ to Detect

Symbiote, discovered in November, parasitically infects running processes so it can steal credentials, gain rootlkit functionality and install a backdoor for remote access.

CVE-2022-29482: Mobaoku-Auction & Flea Market App for iOS vulnerable to improper server certificate verification

'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

CVE-2022-30189: Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability

**According to the CVSS metric confidentiality is High (C:H). What confidential information can be disclosed?** Exploiting this vulnerability will allow an attacker to access resources that are protected by conditional access policies based solely on device compliance state. For more information, please refer to Scenarios for using Conditional Access with Microsoft Intune - Microsoft Intune | Microsoft Docs.