Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Why You Need Continuous Network Monitoring?

Changes in the way we work have had significant implications for cybersecurity, not least in network monitoring. Workers no longer sit safely side-by-side on a corporate network, dev teams constantly spin up and tear down systems, exposing services to the internet. Keeping track of these users, changes and services is difficult – internet-facing attack surfaces rarely stay the same for long. But

The Hacker News
Open in Source
#vulnerability#web#windows#google#samba#aws#auth#The Hacker News
CVE-2023-31074: WordPress Extensions for Leaflet Map plugin <= 3.4.1 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <= 3.4.1 versions.

CVE-2023-26530: WordPress Updraft plugin <= 0.6.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Paul Kehrer Updraft plugin <= 0.6.1 versions.

CVE-2023-31091: WordPress Dynamically Register Sidebars plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pradeep Singh Dynamically Register Sidebars plugin <= 1.0.1 versions.

Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams

Categories: Threat Intelligence Tags: tech support scams Tags: fingerprinting Tags: steganography This tech support scam is one of the most long running and covert ones we have ever seen. (Read more...) The post Catching up with WoofLocker, the most elaborate traffic redirection scheme to tech support scams appeared first on Malwarebytes Labs.

Russian Hackers Use Zulip Chat App for Covert C&C in Diplomatic Phishing Attacks

An ongoing campaign targeting ministries of foreign affairs of NATO-aligned countries points to the involvement of Russian threat actors. The phishing attacks feature PDF documents with diplomatic lures, some of which are disguised as coming from Germany, to deliver a variant of a malware called Duke, which has been attributed to APT29 (aka BlueBravo, Cloaked Ursa, Cozy Bear, Iron Hemlock,

CVE-2023-30876: WordPress Dave's WordPress Live Search plugin <= 4.8.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dave Ross Dave's WordPress Live Search plugin <= 4.8.1 versions.

CVE-2023-30874: WordPress GPS Plotter plugin <= 5.1.4 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Steve Curtis, St. Pete Design Gps Plotter plugin <= 5.1.4 versions.

CVE-2023-31076: WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.6 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.6 versions.

CVE-2023-28622: WordPress Easy Slider Revolution plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0 versions.