Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-26918: File Replication Pro- RealTime, Secure, Offsite Backup & File Sync

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.

CVE
#web#mac#windows#linux#git
Deploying confidential containers on the public cloud

<p>In this article we will describe how Microsoft and Red Hat are collaborating in the open source community to show how Red Hat <a href="https://www.redhat.com/en/technologies/cloud-computing/openshift">OpenShift</a> can be deployed on <a href="https://aka.ms/azurecc">Azure Confidential Computing</a> for providing confidential container capabilities to its users. For this purpose, OpenShift uses the <a href="https://www.redhat.com/en/blog/learn-openshift-sandboxed-containe

CVE-2023-27748: DR750-2CH IR LTE (JP)

BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.

CVE-2023-26416: Adobe Security Bulletin

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE-2023-22948: Announcements

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster.

The Hacking of ChatGPT Is Just Getting Started

Security researchers are jailbreaking large language models to get around safety rules. Things could get much worse.

Ubuntu Security Notice USN-6014-1

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Ransomware review: April 2023

Categories: Ransomware Categories: Threat Intelligence Cl0p was the most used ransomware in March 2023, dethroning the usual frontrunner LockBit, after breaching over 104 organizations with a zero-day vulnerability. (Read more...) The post Ransomware review: April 2023 appeared first on Malwarebytes Labs.

CVE-2023-2021: 3.0.3 · nilsteampassnet/TeamPass@77c541a

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.