
Tag

#web

Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks

Moobot, Miori, AGoent, and a Gafgyt variant have joined the infamous Mirai botnet in attacking unpatched versions of vulnerable Wi-Fi routers.

DARKReading
#vulnerability#web#linux#cisco#ddos#dos#botnet#auth#wifi

Preparing for Cyber Warfare: 6 Key Lessons From Ukraine

Having a solid disaster recovery plan is the glue that keeps your essential functions together when all hell breaks loose.

Why a Native-First Approach Is Key to Cloud Security

A native-first approach delivers better protections and a more efficient use of resources than best-of-breed solutions, benefiting cloud service providers and end-user customers alike.

Access Limitless Global Content: How Residential Proxies Enable It

By Uzair Amir

Residential proxies bypass geo-restrictions, unlocking global content & websites. Enjoy unrestricted browsing, enhanced privacy, and a world of opportunity for business and personal use. Explore residential proxies today!

This is a post from HackRead.com.

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.

Cyberattacks Surge 325% in Philippines Amid South China Sea Standoff

By Deeba Ahmed

The Philippines finds itself under an online siege as tensions escalate in the South China Sea (SCS) with China, claims cybersecurity firm Resecurity.

This is a post from HackRead.com.

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said. Successful attacks could

GHSA-6ppg-rgrg-f573: Dolibarr vulnerable to Cross-Site Request Forgery

Incorrect access control in Dolibarr ERP CRM versions 19.0.0 and before, allows authenticated attackers to steal victim users' session cookies and CSRF protection tokens via user interaction with a crafted web page, leading to account takeover.

GHSA-g7xq-xv8c-h98c: Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags

### Summary

There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data.

Our filter to detect and prevent the use of the `javascript:` URL scheme in the `href` attribute of an `<a>` tag could be bypassed with tab `\t` or newline `\n` characters between the characters of the protocol, e.g. `java\tscript:`.

### Impact

If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user.

```ruby
a(href: user_profile) { "Profile" }
```

### Mitigation

The best way to mitigate this vulnerability is to update to one of the following versions:

- [1.10.1](https://rubygems.org/gems/phlex/versions/1.10.1)
- [1.9.2](https://rubygems.org/gems/phlex/versions/1.9.2)
- [1.8.3](https://rubygems.org/gems/phlex/versions/1.8.3)
- [1.7.2](https://rubygems.org/gems/phlex/versions/1.7.2)
- [1.6.3](https://rubygems.org/gems/phlex/versions/1.6.3)
- [1.5.3](htt...