Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Malicious PyPI Packages Drop Malware in New Supply Chain Attack

By Deeba Ahmed These packages were uploaded between the 7th and 12th of January 2023 with the names "colorslib," "httpslib," and "libhttps." This is a post from HackRead.com Read the original post: Malicious PyPI Packages Drop Malware in New Supply Chain Attack

HackRead
Open in Source
#windows#microsoft#linux#git#ruby
CVE-2023-21719: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

Update now! Two critical flaws in Git's code found, patched

CVE-2022-23521 and CVE-2022-41903 are critical flaws present in Git's code. Thankfully, they’ve been addressed in its latest version. (Read more...) The post Update now! Two critical flaws in Git's code found, patched appeared first on Malwarebytes Labs.

CVE-2022-45927: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint (OpenText™ Extended ECM)

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code.

CVE-2022-45923: Pre-authenticated Remote Code Execution in cs.exe (OpenText™ Server Component)

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Common Gateway Interface (CGI) program cs.exe allows an attacker to increase/decrease an arbitrary memory address by 1 and trigger a call to a method of a vftable with a vftable pointer value chosen by the attacker.

CVE-2022-45922: Multiple post-authentication vulnerabilities including RCE (OpenText™ Extended ECM)

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowing the password.

Threat Actors Spreading NjRAT in New “Earth Bogle” Campaign

By Deeba Ahmed The campaign is active, and currently, threat actors are targeting victims with NjRAT (also known as Bladabindi) in the Middle East and North Africa. This is a post from HackRead.com Read the original post: Threat Actors Spreading NjRAT in New “Earth Bogle” Campaign

Earth Bogle Campaign Unleashes NjRAT Trojan on Middle East and North Africa

An ongoing campaign dubbed Earth Bogle is leveraging geopolitical-themed lures to deliver the NjRAT remote access trojan to victims across the Middle East and North Africa. "The threat actor uses public cloud storage services such as files[.]fm and failiem[.]lv to host malware, while compromised web servers distribute NjRAT," Trend Micro said in a report published Wednesday. Phishing emails,

Lares Research Highlights Top 5 Penetration Test Findings From 2022

Range of Addressable Concerns Includes "Brute Forcing Accounts with Weak Passwords" and "Excessive File System Permissions."

Iranian Government Entities Under Attack by New Wave of BackdoorDiplomacy Attacks

The threat actor known as BackdoorDiplomacy has been linked to a new wave of attacks targeting Iranian government entities between July and late December 2022. Palo Alto Networks Unit 42, which is tracking the activity under its constellation-themed moniker Playful Taurus, said it observed the government domains attempting to connect to malware infrastructure previously identified as associated