#web

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: FactoryTalk Activation Manager Vulnerabilities: Out-of-Bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a buffer overflow and allow the attacker to gain full access to the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Factory Talk are affected: Factory Talk: V4.00 (Utilizes Wibu-Systems CodeMeter 3.2 Vulnerability Overview 3.2.1 OUT-OF-BOUNDS WRITE CWE-787 Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems' products which internally use a version of libcurl that is vulnerable to a buffer overflow attack if curl is configured to redirect traffic through a SOCKS5 proxy. A malicious proxy can exploit a bug in the implemented handshake to cause a buffer overflow. If no SOCKS5 proxy has been configured, there is no att...

The threat actor known as UAC-0050 is leveraging phishing attacks to distribute Remcos RAT using new strategies to evade detection from security software. "The group's weapon of choice is Remcos RAT, a notorious malware for remote surveillance and control, which has been at the forefront of its espionage arsenal," Uptycs security researchers Karthick Kumar and Shilpesh Trivedi said in

minaliC version 2.0.0 suffers from a denial of service vulnerability.

### Summary The implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to [nOAuth](https://www.descope.com/blog/post/noauth) misconfiguration in cases when the `email` is used as a trusted user identifier

### Impact The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. `wrangler dev` would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate `Origin`/`Host` headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If `wrangler dev --remote` was being used, an attacker could access production resources if they were bound to the worker. ### Patches This issue was fixed in `[email protected]` and `[email protected]`. Whilst `wrangler dev`'s inspector server listens on local interfaces by default as of `[email protected]`, an [SSRF vulnerability in `miniflare`](https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7) allowed access from the local network until `[email protected]...

### Impact Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file. ### Patches This issue was fixed in `[email protected]`. Wrangler will now only serve files that are part of your bundle, or referenced by your bundle's source maps. ### Workarounds Configure Wrangler to listen on local interfaces instead with `wrangler dev --ip 127.0.0.1`. This is the [default as of `[email protected]`](https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-f8mp-x433-5wpf), and removes the local network as an attack vector, but does not prevent an attack from visiting a malicious website. ### References - https://github.com/cloudflare/workers-sdk/pull/4532 - https://github.com/cloudflare/workers-sdk/pull/4535

By Deeba Ahmed Buy Your Verified Scam: Researchers Expose Twitter Gold Account Black Market. This is a post from HackRead.com Read the original post: Scammers Selling Twitter (X) Gold Accounts Fueling Disinfo, Phishing

Microsoft decided to disable App Installer links by default after it noticed several access brokers using the handler to spread malware.

Europols’s spotlight report ‘Online fraud schemes: a web of deceit’, identifies investment fraud as a major threat.

WebCalendar version 1.3.0 suffers from reflective and persistent cross site scripting vulnerabilities.