Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

CVE-2023-36619

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.

CVE
Open in Source
#pdf#auth
Stream-Jacking: Malicious YouTube Livestreams Aid Malware, Crypto Scams

By Deeba Ahmed Bitdefender reports a surge in Stream-Jacking attacks on popular YouTube channels, distributing crypto scams and information stealers such as Redline. This is a post from HackRead.com Read the original post: Stream-Jacking: Malicious YouTube Livestreams Aid Malware, Crypto Scams

CVE-2023-2544: Authorization Bypass Upv Peix | INCIBE-CERT

Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.

CVE-2023-28373: Security Bulletin for FlashArray SafeMode Immutable Vulnerability CVE-2023-28373

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.

CVE-2023-36628: Security Bulletin for Privilege Escalation in VASA CVE-2023-36628

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.

Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group

By Waqas Immunefi Crypto Losses Report: Q3 2023 Sees Highest Losses of the Year. This is a post from HackRead.com Read the original post: Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group

Russian Court Jails Crypto Money Launderer for 12 Years

By Waqas A Russian crypto money launderer and drug trafficker has been sentenced to 11.5 years by the Ryazan region of Russia. This is a post from HackRead.com Read the original post: Russian Court Jails Crypto Money Launderer for 12 Years

A Closer Look at the Snatch Data Ransom Group

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang's internal operations. Today, we'll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm

By Deeba Ahmed Previously, when the group exploited LinkedIn, it managed to pilfer a staggering $625 million from the Ronin Network (RON) blockchain network. This is a post from HackRead.com Read the original post: Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm

CVE-2023-5277: Engineers-Online-Portal-System/Engineers Online Portal System has a file upload (RCE) vulnerability.pdf at main · llixixi/Engineers-Online-Portal-System

A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability.