Tag
Ubuntu Security Notice 5396-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service.
We take a look at a report which indicates younger generations are struggling with being able to spot scams, and why that might be. The post Why you should be taking security advice from your grandmother appeared first on Malwarebytes Labs.
Kremlin-linked actors have launched multiple assaults since invasion began
Lexmark products through 2022-02-10 have Incorrect Access Control.
The war in Ukraine appears to have triggered a change in mission for the APT known as Bronze President (aka Mustang Panda).
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don't tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests -- in part by assigning trustworthiness or "credit ratings" to law enforcement authorities worldwide.
A China-linked government-sponsored threat actor has been observed targeting Russian speakers with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks as Bronze President, and by the wider cybersecurity community under the monikers Mustang Panda, TA416, HoneyMyte, RedDelta, and PKPLUG. "The war in Ukraine has
A bank executive needs your help to move a client's inheritance. Yes, you read that right. The post “URGENT BUSINESS PROPOSAL!!!” 419 scammer wants your help to move someone’s inheritance appeared first on Malwarebytes Labs.
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS).