Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Threat Roundup for October 13 to October 20

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 13 and Oct. 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

TALOS
Open in Source
#sql#vulnerability#web#mac#windows#google#microsoft#amazon#js#git#intel#botnet#chrome#firefox#sap
Ragnar Locker ransomware group taken down

Categories: News Categories: Ransomware Tags: ragnar locker Tags: europol Tags: eurojust One of the oldest active ransomware gangs has been taken down by an international cooperation of law enforcement agencies (Read more...) The post Ragnar Locker ransomware group taken down appeared first on Malwarebytes Labs.

Hackers Stole Access Tokens from Okta’s Support Unit

Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a "very small number" of customers, however it appears the hackers responsible had access to Okta's support platform for at least two weeks before the company fully contained the intrusion.

New Windows Infostealer ‘ExelaStealer’ Being Sold on Dark Web

By Waqas Another day, another malware threat against Windows devices and users! This is a post from HackRead.com Read the original post: New Windows Infostealer ‘ExelaStealer’ Being Sold on Dark Web

CVE-2023-5688: DOM XSS in https://demo.modoboa.org/user/#profile/ in modoboa

Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE-2023-5687: Cross-Site Request Forgery Vulnerability in Logout Functionality in mosparo

Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.

CVE-2023-5690: Cross-Site Request Forgery Vulnerability in Logout Functionality in modoboa

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.

CVE-2023-3965: nsc <= 1.0 - Prototype Pollution to Reflected Cross-Site Scripting — Wordfence Intelligence

The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-3933: GitHub - BlackFan/client-side-prototype-pollution: Prototype Pollution and useful Script Gadgets

The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-3962: Winters <= 1.4.3 - Prototype Pollution to Reflected Cross-Site Scripting — Wordfence Intelligence

The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.