Security Headlines

Tag: #windows
The Real Risks in Google’s New .Zip and .Mov Domains

While the company’s new top-level domains could be used in phishing attacks, security researchers are divided on how big of a problem they really pose.

Source: Wired. Tags: #web #windows #apple #google #git
CVE-2023-28529: Security Bulletin: IBM InfoSphere Information Server is vulnerable to stored cross-site scripting (CVE-2023-28529)

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session. IBM X-Force ID: 251213.

CVE-2023-28514: Security Bulletin: IBM MQ is affected by a sensitive information disclosure vulnerability (CVE-2023-28514)

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.

ChurchCRM 4.5.4 Cross Site Scripting

ChurchCRM version 4.5.4 suffers from a cross site scripting vulnerability. Related CVE number: CVE-2023-31699.

Bludit CMS 3.14.1 Cross Site Scripting

Bludit CMS version 3.14.1 suffers from a persistent cross site scripting vulnerability.

KeePass Vulnerability Imperils Master Passwords

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.

Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict

Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.

CVE-2023-32322: Merge pull request from GHSA-28j3-84m7-gpjp · Ombi-app/Ombi@b8a8f02

Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host operating system. Ombi administrators may not always be local system administrators, so this may violate the security expectations of the system. The arbitrary file read vulnerability was present in the `ReadLogFile` and `Download` endpoints in `SystemControllers.cs`, as the parameter `logFileName` is not sanitized before being combined with the `Logs` directory. When using `Path.Combine(arg1, arg2, arg3)`, an attacker may be able to escape to folders/files outside of `Path.Combine(arg1, arg2)` by using ".." in `arg3`. In addition, by specifying an absolute path for `arg3`, `Path.Combine` will completely ignore the first two arguments and simply return `arg3`. This vulnerability can lead to infor...

Once Again, Malware Discovered Hidden in npm

Turkorat-poisoned packages sat in the npm development library for months, researchers say.

APT attacks: Exploring Advanced Persistent Threats and their evasive techniques

Categories: Business. Unpacking one of the most dangerous threats in cybersecurity. Source: Malwarebytes Labs.