Security
Headlines
HeadlinesLatestCVEs

Tag

#web

LastPass Dodges Deepfake Scam: CEO Impersonation Attempt Thwarted

By Waqas Cybercriminals using deepfakes to target businesses! LastPass narrowly avoids security breach after employee identifies fake CEO in WhatsApp call. Read how LastPass is urging awareness against evolving social engineering tactics. This is a post from HackRead.com Read the original post: LastPass Dodges Deepfake Scam: CEO Impersonation Attempt Thwarted

HackRead
Open in Source
#web#ios#sap
GHSA-6363-v5m4-fvq3: timber/timber vulnerable to Deserialization of Untrusted Data

### Summary Timber is vulnerable to [PHAR deserialization](https://portswigger.net/web-security/deserialization/exploiting#phar-deserialization) due to a lack of checking the input before passing it into the` file_exists()` function. If an attacker can upload files of any type to the server, he can pass in the `phar://` protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when Timber is used with frameworks with documented POP chains like Wordpress/ vulnerable developer code. ### Details The vulnerability lies in the run function within the `toJpg.php` file. The two parameters passed into it are not checked or sanitized, hence an attacker could potentially inject malicious input leading to Deserialization of Untrusted Data, allowing for remote code execution: ![image](https://github.com/timber/timber/assets/89630690/bcd6d031-33c6-4cc5-96b7-b72f0cf0e26c) ### PoC Setup the following code in `/var/www/html`: `...

WordPress Playlist For Youtube 1.32 Cross Site Scripting

WordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability.

MinIO Privilege Escalation

MinIO versions prior to 2024-01-31T20-20-33Z suffer from a privilege escalation vulnerability.

Red Hat Security Advisory 2024-1795-03

Red Hat Security Advisory 2024-1795-03 - VolSync v0.9.1 general availability release images, which provide enhancements, security fixes, and updated container images.

Red Hat Security Advisory 2024-1787-03

Red Hat Security Advisory 2024-1787-03 - An update for squid is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer over-read, denial of service, and null pointer vulnerabilities.

Red Hat Security Advisory 2024-1786-03

Red Hat Security Advisory 2024-1786-03 - An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

5 Best CAPTCHA Plugins for WordPress Websites

By Waqas Here's an updated list of five effective CAPTCHA plugins for WordPress that can help enhance the security of your website by preventing spam and bot activities: This is a post from HackRead.com Read the original post: 5 Best CAPTCHA Plugins for WordPress Websites

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker

Cybersecurity researchers have discovered a credit card skimmer that's concealed within a fake Meta Pixel tracker script in an attempt to evade detection. Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the "Miscellaneous Scripts" section of the Magento admin panel. "

GHSA-pww3-x2g7-x8q2: Reportico affected by Incorrect Access Control

An issue discovered in Reportico Till 8.1.0 allows attackers to obtain sensitive information via execute_mode parameter of the URL.