Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

SumatraPDF 3.5.2 DLL Hijacking

SumatraPDF version 3.5.2 suffers from a DLL hijacking vulnerability using CRYPTBASE.DLL. DLL hijacking in this version was already discovered by Ravishanka Silva in February of 2024 but the findings did not include this DLL.

Packet Storm
#vulnerability#windows#google#pdf#auth
Boss Mini 1.4.0 Local File Inclusion

Boss Mini version 1.4.0 suffers from a local file inclusion vulnerability.

A-PDF All To MP3 Converter 2.0.0 Overflow

A-PDF All to MP3 Converter version 2.0.0 overflow exploit with DEP Bypass with HeapCreate + HeapAlloc + some_memory_copy_function ROP chain.

BoidCMS 2.0.0 Command Injection

This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.

Membership Management System 1.0 SQL Injection

Membership Management System version 1.0 suffers from a remote SQL injection vulnerability.

Here Are the Google and Microsoft Security Updates You Need Right Now

Plus: Mozilla patches 12 flaws in Firefox, Zoom fixes seven vulnerabilities, and more critical updates from February.

Savvy Seahorse Using Fake ChatGPT, Facebook Ads in DNS Investment Scam

By Deeba Ahmed The scammers creates fake investment platforms using popular companies like Tesla, Meta, and Imperial Oil and lures unsuspecting users into depositing funds. This is a post from HackRead.com Read the original post: Savvy Seahorse Using Fake ChatGPT, Facebook Ads in DNS Investment Scam

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks

The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part

ALPHV is singling out healthcare sector, say FBI and CISA

CISA, FBI and HHS are warning about the ALPHV/ Blackcat ransomware group targeting the healthcare industry.

Calendar Meeting Links Used to Spread Mac Malware

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s account at Calendly, a popular free calendar application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.