Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Application Security Must Be Nonnegotiable

Companies need to keep security priorities top of mind during economic downturns so all-important revenue generation doesn't come with a heaping side order of security problems.

DARKReading
Open in Source
#vulnerability#web#windows#apple#google#git#auth
Amazon Still Selling T95 TV Box with Pre-Installed Malware

By Deeba Ahmed Malwarebytes has confirmed that, despite confirmed reports of the presence of pre-installed malware in T95 TV boxes, Amazon is still allowing their sale. This is a post from HackRead.com Read the original post: Amazon Still Selling T95 TV Box with Pre-Installed Malware

GitHub revokes several certificates after unauthorized access

Categories: News Tags: GitHub Tags: Atom Tags: Desktop for Mac Tags: Apple Developer ID Tags: certificates Tags: Digicert Tags: sunset After an unauthorized access incident, GitHub will revoke three certificates which will affect users of Atom and GitHub Desktop for Mac. (Read more...) The post GitHub revokes several certificates after unauthorized access appeared first on Malwarebytes Labs.

CVE-2022-34396: DSA-2022-321: Dell OpenManage Server Administrator Security Update for DLL Injection Vulnerability

Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise.

Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Hack Corporate Email Accounts

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network (MPN) accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. "The applications created by these fraudulent actors were then used in a consent phishing campaign, which tricked users into granting

CVE-2022-34459: DSA-2022-298: Dell Command | Update, Dell Update, and Alienware Update Security Update for Multiple Vulnerabilities

Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.

GitHub Reports Code-Signing Certificate Theft in Security Breach

By Deeba Ahmed GitHub states that hackers gained access to its code repositories and stole code-signing certificates for two of its desktop apps: Desktop and Atom. This is a post from HackRead.com Read the original post: GitHub Reports Code-Signing Certificate Theft in Security Breach

CVE-2022-47769: Security Advisory: Serenissima Informatica – FastCheckIn (CVE-2022-47768/CVE-2022-47769/ CVE-2022-47770)

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.

CVE-2022-31902: GitHub - CDACesec/CVE-2022-31902

Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().

CVE-2023-24956: Forget Heart Message Box 1.1 has multiple SQL injections · Issue #1 · Mortalwangxin/lives

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php.