Tag

#mac

Microsoft Patch Tuesday February 2023: Win Graphics RCE, Edge RCE, Publisher SFB, CLFS EoP, Exchange RCEs, Word RCE, HoloLens1

Hello everyone! This episode will be about Microsoft Patch Tuesday for February 2023, including vulnerabilities that were added between January and February Patch Tuesdays. Alternative video link (for Russia): https://vk.com/video-149273431_456239118 This month I decided to change the format a bit. Now I share my impression of Microsoft Patch Tuesday on the same Patch Tuesday day […]

Alexander V. Leonov

Security News This Week: Sensitive US Military Emails Exposed

Plus: Iran’s secret torture black sites, hacking a bank account with AI-generated voice, and Lance Bass’ unhinged encounter in Russia.

CVE-2023-26545

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

3 Ways Artificial Intelligence Is Transforming the Stock Market Landscape (and Making It More Secure)

By Owais Sultan. The AI software market has rapidly grown over the past few years. And, based on expert forecasts, it’s… This is a post from HackRead.com.

Cryptojackers Deploy Trojanized Mac Apps on The Pirate Bay

By Deeba Ahmed. All malicious apps for macOS identified by researchers were uploaded to The Pirate Bay by a user called "wtfisthat34698409672." This is a post from HackRead.com.

Debian Security Advisory 5360-1

Debian Linux Security Advisory 5360-1 - Xi Lu discovered that missing input sanitising in Emacs (in etags, the Ruby mode and htmlfontify) could result in the execution of arbitrary shell commands.

'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover

With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.

CVE-2023-0585: Updates.php in all-in-one-seo-pack/tags/4.2.9/app/Common/Main – WordPress Plugin Repository

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with Administrator role or above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

To Safeguard Critical Infrastructure, Go Back to Basics

CISA's recently released cybersecurity performance goals can help lower risk and thwart the impact of cyberattacks.

CVE-2023-0595: Security Notification - EcoStruxure Geo SCADA Expert Security | Schneider Electric

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021 (All Versions prior to October 2022), ClearSCADA (All Versions).