#web

A researcher received a $5,500 bug bounty for discovering a vulnerability (CVE-2024-2879) in LayerSlider, a plug-in with more than a million active installations.

The Positron Broadcast Digital Signal Processor TRA7005 version 1.20 suffers from an authentication bypass through a direct and unauthorized access to the password management functionality. The vulnerability allows attackers to bypass Digest authentication by manipulating the password endpoint _Passwd.html and its payload data to set a user's password to arbitrary value or remove it entirely. This grants unauthorized access to protected areas (/user, /operator, /admin) of the application without requiring valid credentials, compromising the device's system security.

Ubuntu Security Notice 6710-2 - USN-6710-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Manfred Paul discovered that Firefox did not properly perform bounds checking during range analysis, leading to an out-of-bounds write vulnerability. A attacker could use this to cause a denial of service, or execute arbitrary code. Manfred Paul discovered that Firefox incorrectly handled MessageManager listeners under certain circumstances. An attacker who was able to inject an event handler into a privileged object may have been able to execute arbitrary code.

User Registration and Login and User Management System version 3.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

WordPress Membership for WooCommerce plugin versions prior to 2.1.7 suffer from a remote shell upload vulnerability.

A cybercrook who has been setting up websites that mimic the self-destructing message service Privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

Tokyo-based eyeglass and medical lens-maker Hoya said the attack has halted production processes in some locations as well as an ordering system for some of its products.

By Waqas A new ransomware group, Red CryptoApp (Red Ransomware Group), is shaking things up. Unlike others, they humiliate victims by publishing their names on a "wall of shame." Learn how Red CryptoApp targets victims, what industries are at risk, and how to protect yourself. This is a post from HackRead.com Read the original post: New Red Ransomware Group (Red CryptoApp) Exposes Victims on Wall of Shame

By Cyber Newswire Center Identity, a pioneering cybersecurity company, is excited to unveil its patented secret location authentication, reshaping how businesses… This is a post from HackRead.com Read the original post: Center Identity Launches Patented Passwordless Authentication for Businesses

Cybercriminals are using AI to impersonate small businesses. Security architects are using it to help small businesses fight back.