Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-31844: bug_report/SQLi-3.md at main · acmglz/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=.

CVE
Open in Source
#sql#vulnerability#windows#php#auth#firefox
CVE-2023-31842: bug_report/SQLi-2.md at main · acmglz/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=.

CVE-2023-31843: bug_report/SQLi-1.md at main · acmglz/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=.

CVE-2023-31845: bug_report/SQLi-4.md at main · acmglz/bug_report

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=.

A week in security (May 8-14)

Categories: News Tags: YouTube Tags: ad block Tags: sponsored tweets Tags: Twitter Tags: fake BBC News Tags: AVLab assessment Tags: Google Tags: Google Passkey Tags: MSP Tags: Patch Tuesday Tags: Discord Tags: RedStinger Tags: tech support scam Tags: Aurora stealer Tags: Invalid Printer loader Tags: MSI Tags: ransomware Tags: Brightline Tags: ransomware review Tags: Allan Liska Tags: Lock and Code S04E11 The most interesting security related news of the week from May 8 till 14. (Read more...) The post A week in security (May 8-14) appeared first on Malwarebytes Labs.

Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source code

Cisco Talos recently discovered a new ransomware actor called RA Group that has been operating since at least April 22, 2023.

New Ransomware Gang RA Group Hits U.S. and South Korean Organizations

A new ransomware group known as RA Group has become the latest threat actor to leverage the leaked Babuk ransomware source code to spawn its own locker variant. The cybercriminal gang, which is said to have been operating since at least April 22, 2023, is rapidly expanding its operations, according to cybersecurity firm Cisco Talos. "To date, the group has compromised three organizations in the

CLR SqlShell Malware Targets MS SQL Servers for Crypto Mining and Ransomware

Poorly managed Microsoft SQL (MS SQL) servers are the target of a new campaign that's designed to propagate a category of malware called CLR SqlShell that ultimately facilitates the deployment of cryptocurrency miners and ransomware. "Similar to web shell, which can be installed on web servers, SqlShell is a malware strain that supports various features after being installed on an MS SQL server,

CVE-2023-32784: KeePass / Discussion / Open Discussion: Security

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

Threat Roundup for May 5 to May 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between May 5 and May 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key