#windows

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page.

ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.

Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944, which is also known as Roasted 0ktapus and Scattered Spider. "This method of attack was unique in

Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in Pakistan and China. This comprises a network of 55 domains and IP addresses used by the threat actor, cybersecurity companies Group-IB and Bridewell said in a joint report shared with The Hacker News. "The identified phishing

Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here). Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to debate, discuss, share, challenge, celebrate and learn.

Categories: News Categories: Ransomware Tags: PharMerica Tags: Money Message Tags: ransomware Tags: PII Tags: SSN US pharmacy giant PharMerica has reported a cybersecurity incident that affects over 5.8 million people. The data theft has been claimed by ransomware group Money Message. (Read more...) The post PharMerica breach impacts almost 6 million people appeared first on Malwarebytes Labs.