Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Thousands of Australian Businesses Targeted With 'Reliable' Agent Tesla RAT

Latest campaign underscores wide-ranging functionality and staying power of a decade-old piece of information-stealing malware.

DARKReading
Open in Source
#web#mac#windows#microsoft#auth
New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators

By Waqas Another day, another malware threat! This is a post from HackRead.com Read the original post: New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators

Bing ad for NordVPN leads to SecTopRAT

Threat actors are luring victims to a fake NordVPN website that installs a Remote Access Trojan.

There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office

An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts.

5 Best Crypto Marketing Agencies for Web3 Security Brands in 2024

By Uzair Amir It seems each week brings news of another attack – millions drained from DeFi protocols, NFTs swiped, and… This is a post from HackRead.com Read the original post: 5 Best Crypto Marketing Agencies for Web3 Security Brands in 2024

Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.

Positron Broadcast Signal Processor TRA7005 1.20 Authentication Bypass

The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint _Passwd.html and its payload data to set a user's password to arbitrary value or remove it entirely. This grants unauthorized access to protected areas (/user, /operator, /admin) of the application without requiring valid credentials, compromising the device's system security.

Ubuntu Security Notice USN-6710-2

Ubuntu Security Notice 6710-2 - USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code.

User Registration And Login And User Management System 3.2 SQL Injection

User Registration and Login and User Management System version 3.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

WordPress Membership For WooCommerce Shell Upload

WordPress Membership for WooCommerce plugin versions prior to 2.1.7 suffer from a remote shell upload vulnerability.