Security Headlines

Tag: #web

RHSA-2023:4460: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-4045: The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another s...

Red Hat Security Data
Half-Year in Review: Recapping the top threats and security trends so far in 2023

We've seen threat actors utilize every chance they get to steal sensitive data, to be used in future attacks and/or to manipulate victims into paying up before their data ends up on the dark web.

How to protect your child's identity

Identity theft is a serious problem, especially when it affects children. (Malwarebytes Labs)

Mitsubishi Electric GT and GOT Series Products

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: GT Designer3, GOT2000 Series, GOT SIMPLE Series, and GT SoftGOT2000
Vulnerability: Weak Encoding for Password

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Mitsubishi Electric products are affected when either of the following cases applies:
* The case of transferring data with GT Designer3 Version1 (GOT2000) listed below and GOT2000 Series or GOT SIMPLE Series listed below with the Data Transfer Security function enabled.
* The case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 listed below and GOT2000 Series listed below with the Data Transfer Security function enabled.
* GT Designer3 Version1 (GOT2000): v1.295...

TEL-STER TelWin SCADA WebInterface

1. EXECUTIVE SUMMARY
CVSS v3 7.5
ATTENTION: Exploitable remotely/low attack complexity
Vendor: TEL-STER Sp. z o. o.
Equipment: TelWin SCADA WebInterface
Vulnerability: Path Traversal

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an unauthenticated attacker to read files on the system.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
TEL-STER reports this vulnerability affects the following versions of TelWin SCADA WebInterface:
* TelWin SCADA WebInterface: versions 3.2 to 6.1
* TelWin SCADA WebInterface: versions 7.0 to 7.1
* TelWin SCADA WebInterface: versions 8.0 and 9.0

3.2 VULNERABILITY OVERVIEW
3.2.1 PATH TRAVERSAL CWE-35
External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system. CVE-2023-0956 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been ...

Mitsubishi Electric GOT2000 and GOT SIMPLE

1. EXECUTIVE SUMMARY
CVSS v3 5.9
ATTENTION: Exploitable remotely
Vendor: Mitsubishi Electric
Equipment: GOT2000 Series and GOT SIMPLE Series
Vulnerability: Predictable Exact Value from Previous Values

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to hijack data connections or prevent legitimate users from establishing data connections.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Mitsubishi Electric reports this vulnerability affects the following HMIs when using the "FTP server" function:
* GOT2000 Series, GT21 model: versions 01.49.000 and prior
* GOT SIMPLE, GS21 model: versions 01.49.000 and prior

3.2 VULNERABILITY OVERVIEW
3.2.1 PREDICTABLE EXACT VALUE FROM PREVIOUS VALUES CWE-342
A denial-of-service and spoofing (session hijacking of data connections) vulnerability exists in the FTP server function on GOT2000 series and GOT SIMPLE series because the port number of a data connection can be easily guessed due to predictable exact valu...

Sensormatic Electronics VideoEdge

1. EXECUTIVE SUMMARY
CVSS v3 7.1
ATTENTION: Low attack complexity
Vendor: Sensormatic Electronics, LLC, a subsidiary of Johnson Controls Inc.
Equipment: VideoEdge
Vulnerability: Acceptance of Extraneous Untrusted Data with Trusted Data

2. RISK EVALUATION
Successful exploitation of this vulnerability could allow a local user to edit the VideoEdge configuration file and interfere with VideoEdge operation.

3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Sensormatic Electronics, a subsidiary of Johnson Controls Inc., products are affected:
* VideoEdge: Versions prior to 6.1.1

3.2 VULNERABILITY OVERVIEW
3.2.1 ACCEPTANCE OF EXTRANEOUS UNTRUSTED DATA WITH TRUSTED DATA CWE-349
In Sensormatic VideoEdge versions prior to 6.1.1, a local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. CVE-2023-3749 has been assigned to this vulnerability. A CVSS v3 base score of 7.1 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:...

Russian Midnight Blizzard Hackers Hit MS Teams in Precision Attack

By Waqas (HackRead.com). The group of Russian hackers involved in this attack is Midnight Blizzard (aka NOBELIUM).

"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches

A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most frequently attacks logistics, government, and financial sector organizations in India and Israel," Singapore-headquartered cybersecurity firm Group-IB said in a report shared with The Hacker News. "The group is

Phishing campaigns are using AMP URLs to avoid detection

Researchers have found a new phishing tactic that uses Google Accelerated Mobile Pages (AMP) URLs to look trustworthy. (Malwarebytes Labs)