#perl

Cybercriminal rats are at play: Several food suppliers and distributors have experienced hundreds of thousands of dollars in losses after fulfilling fraudulently placed orders for food and ingredient shipments.

A memory corruption vulnerability exists in the VHD File Format parsing CXSPARSE record functionality of PowerISO PowerISO 8.3. A specially-crafted file can lead to an out-of-bounds write. A victim needs to open a malicious file to trigger this vulnerability.

Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors.

Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack.  As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late.

By Habiba Rashid The TGP telecom giant based in North Ryde, Australia revealed that up to 15,000 iiNet and Westnet business customers have been impacted by the breach. This is a post from HackRead.com Read the original post: Hackers Breach TPG Telecoms’ Email Host to Steal Client Data

A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883.

A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883.

New research also analyzes the commoditization of adversary-in-the-middle attacks, JavaScript obfuscation in exploit kits, and a malware family with Gothic Panda ties.

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from a username persistent cross site scripting vulnerability.

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below suffer from an unauthenticated directory traversal file write vulnerability.