Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2023-0731: Diff [2857078:2861473] for interactive-geo-maps/trunk – WordPress Plugin Repository

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE
Open in Source
#xss#web#android#mac#js#git#java#wordpress#perl#auth#ibm#mongo#webkit#ssl
'Money Lover' Finance App Exposes User Data

A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app.

New Banking Trojan Targeting 100M Pix Payment Platform Accounts

New malware demonstrates how threat actors are pivoting toward payment platform attacks, researchers say.

Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS

Categories: Business See how our new offering Malwarebytes Security for Business helps you crush mobile malware and phishing attacks. (Read more...) The post Introducing Malwarebytes Mobile Security for Business: How to find malware and stop phishing attacks on smartphones and ChromeOS appeared first on Malwarebytes Labs.

CVE-2022-3229: unified_remote exploit by h00die · Pull Request #16989 · rapid7/metasploit-framework

Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.

CVE-2023-20619: February 2023

In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159.

Android Binder VMA Management Security Issues

Android Binder VMA management suffers from multiple security issues.

A week in security (January 30 - February 5)

Categories: News Tags: week in security Tags: blog roundup Tags: Roomba Tags: Facebook Tags: Eileen Gun Tags: Lock and Code Tags: data wiper Tags: LearnPress Tags: Riot Games Tags: League of Legends Tags: malvertising Tags: dark patterns Tags: supply chain attacks Tags: GitHub Tags: ransomware monthly Tags: ransomware Tags: AV-TEST top product Tags: multi-threat ransomware Tags: CISA Tags: BEC Tags: business email compromise The most interesting security related news from the week of January 30 - February 5. (Read more...) The post A week in security (January 30 - February 5) appeared first on Malwarebytes Labs.

Googling for Software Downloads Is Extra Risky Right Now

Plus: The FTC cracks down on GoodRx, Microsoft boots “verified” phishing scammers, researchers disclose EV charger vulnerabilities, and more.