Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

New Ongoing Campaign Targets npm Ecosystem with Unique Execution Chain

Cybersecurity researchers have discovered a new ongoing campaign aimed at the npm ecosystem that leverages a unique execution chain to deliver an unknown payload to targeted systems. "The packages in question seem to be published in pairs, each pair working in unison to fetch additional resources which are subsequently decoded and/or executed," software supply chain security firm Phylum said in

The Hacker News
Open in Source
#mac#windows#linux#nodejs#The Hacker News
RHSA-2023:3814: Red Hat Security Advisory: Migration Toolkit for Runtimes security update

An update is now available for Migration Toolkit for Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2798: A flaw was found in HtmlUnit. This issue may allow a malicious user to supply content to htmlUnit, which could cause a crash by stack overflow, leading to a Denial of Service (DoS). * CVE-2023-22899: A flaw was found in Zip4j. In this issue, it does not always check the MAC when decrypting a ZIP archive.

The Night 17 Million Precious Military Records Went Up in Smoke

Fifty years ago, a fire ripped through the National Personnel Records Center. It set off a massive project to save crucial pieces of American history—including, I hoped, my grandfather’s.

RHSA-2023:3811: Red Hat Security Advisory: python39:3.9 and python39-devel:3.9 security update

An update for the python39:3.9 and python39-devel:3.9 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24329: A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.

RHSA-2023:3810: Red Hat Security Advisory: python27:2.7 security update

An update for the python27:2.7 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24329: A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity.

81% concerned about ChatGPT security and safety risks, Malwarebytes survey shows

Categories: News ChatGPT may have already hit its public perception wall, according to a Malwarebytes survey that showed high levels of distrust and concern in the tool's trustworthiness and safety. (Read more...) The post 81% concerned about ChatGPT security and safety risks, Malwarebytes survey shows appeared first on Malwarebytes Labs.

SupremeBot and Mario cross the finish line together

Categories: News Tags: Mario Tags: SupremBot Tags: XMR miner Tags: cryptominers Tags: mining client Tags: scheduled task Tags: C2 Download your games from trusted sources or you may get more than you bargained for... (Read more...) The post SupremeBot and Mario cross the finish line together appeared first on Malwarebytes Labs.

CVE-2023-35170: Merge pull request from GHSA-8jxm-xp43-qh3q · BishopFox/sliver@2d1ea61

Sliver is an open source cross-platform adversary emulation/red team framework. The cryptography implementation in Sliver up to and including version 1.5.39 allows a man in the middle (MitM) attack with access to the corresponding implant binary to execute arbitrary codes on implanted devices via intercepted and crafted responses. A successful attack grants the attacker permission to execute arbitrary code on the implanted device. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2022-40010: Tenda AC6 AC1200 15.03.06.50_multi Cross Site Scripting ≈ Packet Storm

Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module.

Vulnerability Spotlight: Use-after-free condition in Google Chrome WebGL

TALOS-2023-1724 (CVE-2023-1531) occurs if the user opens a specially crafted web page in Chrome.