#web

By Waqas Hundreds of thousands of UK student records exposed in software firm's server leak putting names, grades, and photos at risk - Learn more about the school software breach and how to protect your child's information. This is a post from HackRead.com Read the original post: Trove of UK Student Records Exposed in School Software Server Leak

Considering the ever-changing state of cybersecurity, it's never too late to ask yourself, "am I doing what's necessary to keep my organization's web applications secure?" The continuous evolution of technology introduces new and increasingly sophisticated threats daily, posing challenges to organizations all over the world and across the broader spectrum of industries striving to maintain

Google has released an update for Chrome to fix seven security vulnerabilities.

A WIRED investigation uncovered coordinates collected by a controversial data broker that reveal sensitive information about visitors to an island once owned by Epstein, the notorious sex offender.

### Impact: The mergeDeep() function in the web3-utils package has been identified for Prototype Pollution vulnerability. An attacker has the ability to modify an object's prototype, which could result in changing the behavior of all objects that inherit from the impacted prototype by providing carefully crafted input to function. ### Patches: It has been fixed in web3-utils version 4.2.1 so all packages and apps depending on web3-utils >=4.0.1 and <=4.2.0 should upgrade to web3-utils 4.2.1. ### Workarounds: None

By Waqas Google’s Threat Analysis Group (TAG) reports a concerning rise in zero-day exploits and increased activity from state-backed hackers.… This is a post from HackRead.com Read the original post: Google TAG Reports Zero-Day Surge and Rise of State Hacker Threats

Multiple university departments linked to the Clinical School Computing Service have been inaccessible for a month. The university has not revealed the nature of the “malicious activity.”

By Uzair Amir After raising $2.5 million in its latest seed funding round, Unstable Protocol is on a mission to transform… This is a post from HackRead.com Read the original post: DeFi Protocol Unstable Raises $2.5M to Drive LRTfi Sector Forward

By Waqas As seen by Hackread.com, the INC ransomware gang claims to have obtained patient records as part of their cyberattack. This is a post from HackRead.com Read the original post: INC Ransomware Hits NHS Scotland, Threatens Leak of 3TB Patient Data

This Metasploit module exploits two vulnerabilities in Sharepoint 2019 - an authentication bypass as noted in CVE-2023-29357 which was patched in June of 2023 and CVE-2023-24955 which was a remote command execution vulnerability patched in May of 2023. The authentication bypass allows attackers to impersonate the Sharepoint Admin user. This vulnerability stems from the signature validation check used to verify JSON Web Tokens (JWTs) used for OAuth authentication. If the signing algorithm of the user-provided JWT is set to none, SharePoint skips the signature validation step due to a logic flaw in the ReadTokenCore() method. After impersonating the administrator user, the attacker has access to the Sharepoint API and is able to exploit CVE-2023-24955. This authenticated remote command execution vulnerability leverages the impersonated privileged account to replace the /BusinessDataMetadataCatalog/BDCMetadata.bdcm file in the webroot directory with a payload. The payload is then compiled...