The rise of AI-powered criminals: Identifying threats and opportunities

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.

TALOS
South African Power Supplier Hit by DroxiDat Malware

By Deeba Ahmed Cybersecurity researchers at Securelist have discovered a cyberattack against a power-generating firm in South Africa. Reportedly, the firm… This is a post from HackRead.com Read the original post: South African Power Supplier Hit by DroxiDat Malware

A new type of "freedom," or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17

Categories: Podcast. This week on Lock and Code, we speak with Heather Kelly about how parents are using AirTags to give their kids freedom. The post A new type of "freedom," or, tracking children with AirTags, with Heather Kelly: Lock and Code S04E17 appeared first on Malwarebytes Labs.

CVE-2023-40293: Dude, It's my Car: How to develop intimacy with your car!

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.

CVE-2023-40295: Heap Overflows in Libboron v2.0.8 · Issue #3 · 0branch/boron

libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c.

CVE-2023-40274: LFI in zola serve · Issue #2257 · getzola/zola

An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem.

RHSA-2023:4627: Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 6.2.0 release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-46877: A flaw was found in Jackson Databind. This issue may allow a malicious user to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. * CVE-2022-4492: A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. This is a...

A week in security (August 7 - August 13)

Categories: News. Tags: Zoom, YouTube, Chrome, TikTok, ransomware, Cloudflare, robocallers, security advisor. A list of topics we covered in the week of August 7 to August 13 of 2023. The post A week in security (August 7 - August 13) appeared first on Malwarebytes Labs.

CVE-2023-23208: Documentation:RN:gax90rn:gax9010515:9.0.x - Genesys Documentation

Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.

An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass

The macOS Background Task Manager tool is supposed to spot potentially malicious software on your machine. But a researcher says it has troubling flaws.