Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

A week in security (January 16—22)

Categories: News Tags: Google Tags: Rust Tags: Chromium Tags: Mailchimp Tags: SweepWizard Tags: bossware Tags: TikTok Tags: surveillance firm Tags: Voyager Labs Tags: TracketPacer Tags: Facebook Tags: Instagram Tags: Vice Society Tags: Liquor Control Board of Ontario Tags: Zoho ManageEngine Tags: GitHub Tags: LastPass Tags: Git flaw Tags: ransomware Tags: credit card fraud The most interesting security related news from the week of January 16-22. (Read more...) The post A week in security (January 16—22) appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#ios#android#mac#windows#google#git#acer#chrome
Backdoor into FortiOS: Chinese Threat Actors Utilize 0-Day

By Deeba Ahmed Chinese hackers are exploiting a previously patched vulnerability found in Fortinet FortiOS SSL-VPN by using new malware called BOLDMOVE. This is a post from HackRead.com Read the original post: Backdoor into FortiOS: Chinese Threat Actors Utilize 0-Day

CVE-2023-22617: Changelogs for 4.8.X — PowerDNS Recursor documentation

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.

CVE-2023-24040: vulns/HNS-2022-01-dtprintinfo.txt at main · hnsecurity/vulns

** UNSUPPORTED WHEN ASSIGNED ** dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. This allows low-privileged local users to inject arbitrary printer names via the $HOME/.printers file. This injection allows those users to manipulate the control flow and disclose memory contents on Solaris 10 systems. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Threat Round up for January 13 to January 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 13 and Jan. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2023-24025: GitHub - PQClean/PQClean at d03da3053491e767ef842deaef43fc5bdb6bc911

CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.

CVE-2021-29368: Session Fixation in CuppaCMS · Issue #8 · CuppaCMS/CuppaCMS

Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.

CVE-2020-23256: Electron has serious security vulnerability · Issue #1686 · electerm/electerm

An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service.

Microsoft Innovations for 2023: What to Look Out for This Year

By Owais Sultan This article will highlight some of the most significant Microsoft innovations that could make an impact in 2023 and beyond. This is a post from HackRead.com Read the original post: Microsoft Innovations for 2023: What to Look Out for This Year