#web

Scammers use fake Binance wallet emails to lure users with TRUMP Coin, but instead, they install malware that grants hackers full control over victims' devices.

### Summary There's a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to accept an unsigned message. I believe that it exists for v4 only. I have not yet developed a PoC. V5 is well designed and instead builds the signed query from the same message that will be consumed. ### Details #### What is verified The data['SignedQuery'] is the string that will be verified by the public key. It is defined here: https://github.com/simplesamlphp/saml2/blob/9545abd0d9d48388f2fa00469c5c1e0294f0303e/src/SAML2/HTTPRedirect.php#L178-L217 THe code will iterate through each parameter name. Notably, sigQuery is overridden each time when processing, making the last of SAMLRequest/SAMLResponse used for sigQuery. For example, given: SAMLRequest=a&SAMLResponse=idpsigned SAMLResponse=idpsigned will be set as sigQuery, then later verified #### What is actually processed Processing uses SAMLReques...

### Impact An improper API access control issue has been identified, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. ### Patches Will be patched in 14.3.3 and 15.2.3. ### Workarounds None available.

Elon Musk said a “massive cyberattack” disrupted X on Monday and pointed to “IP addresses originating in the Ukraine area” as the source of the attack. Security experts say that's not how it works.

Fake Elon Musk endorsements are used in SMS campaigns to sell bogus energy-saving devices. Learn how to spot…

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Low attack complexity Vendor: Schneider Electric Equipment: Uni-Telway Driver Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports the following products are affected: Schneider Electric Uni-Telway Driver: All versions Schneider Electric Uni-Telway Driver installed on Control Expert: All versions Schneider Electric Uni-Telway Driver installed on Process Expert: All versions Schneider Electric Uni-Telway Driver installed on Process Expert for AVEVA System Platform: All versions Schneider Electric Uni-Telway Driver installed on OPC Factory Server: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER INPUT VALIDATION CWE-20 Schneider Electric Uni-Telway Driver is vulnerable to an improper input validation vulnerability that could cause denial-of-service of e...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Optigo Networks Equipment: Visual BACnet Capture Tool, Optigo Visual Networks Capture Tool Vulnerabilities: Use of Hard-coded, Security-relevant Constants, Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, gain control over the products, or impersonate the web applications. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool are affected: Visual BACnet Capture Tool: Version 3.1.2rc11 Optigo Visual Networks Capture Tool: Version 3.1.2rc11 3.2 VULNERABILITY OVERVIEW 3.2.1 USE OF HARD-CODED, SECURITY-RELEVANT CONSTANTS CWE-547 Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain a hard coded secret key. This c...

New episode “In the Trend of VM” (#12): 8 February CVEs & Why the Darknet Matters for VM Specialists. Now with a new design and new video editing. 😉 📹 Video on YouTube and LinkedIn🗞 Post on Habr (rus)🗒 Digest on the PT website Content: 🔻 00:00 Greetings 🔻 00:23 Remote Code Execution – Windows […]

The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the **Attack Vector** is **Local** and **User Interaction** is **Required**, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.