Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-26462: ThingsBoard Release Notes

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. (To read this stored data, the attacker needs access to the application server or its source code.)

CVE
Open in Source
#sql#xss#vulnerability#web#ios#mac#windows#apple#google#linux#apache#redis#nodejs#js#git#java#kubernetes#perl#aws#log4j#oauth#auth#ibm#postgres#docker#chrome#firefox#sap#maven#ssl
Hackers Advertising New Info-Stealing Malware on Dark Web

By Deeba Ahmed Dubbed "Stealc" by researchers, the malware is also being promoted on several Russian language hacker and cybercrime forums on the clear net, in addition to the dark web. This is a post from HackRead.com Read the original post: Hackers Advertising New Info-Stealing Malware on Dark Web

Scammers Mimic ChatGPT to Steal Business Credentials

Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot.

CVE-2023-22974: OpenEMR Patches - OpenEMR Project Wiki

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server.

How to Remove Duplicate Lines in EmEditor (2023)

By Waqas If you use EmEditor, this user-friendly tutorial will explain how to remove duplicate lines in the popular EmEditor text editor software. This is a post from HackRead.com Read the original post: How to Remove Duplicate Lines in EmEditor (2023)

CVE-2023-0932: Stable Channel Desktop Update

Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2023-0963: CVE_Demo/Music Gallery Site - Broken Access Control.md at main · navaidzansari/CVE_Demo

A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.

The 5 most dangerous cyberthreats facing businesses this year

Which of the myriad, extant cyberthreats should your business be paying the most attention to in 2023? (Read more...) The post The 5 most dangerous cyberthreats facing businesses this year appeared first on Malwarebytes Labs.

Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc. "While C2 frameworks are prolific, the