Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

The Hacker News
Open in Source
#vulnerability#web#ios#mac#apple#backdoor#rce#zero_day#webkit#The Hacker News
Update now! Apple fixes three actively exploited vulnerabilities

Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: kernel webkit Tags: CVE-2023-32434 Tags: CVE-2023-32435 Tags: CVE-2023-32439 Tags: type confusion Tags: integer overflow Tags: operation triangulation Apple has released security updates for several products to address a set of flaws it said were being actively exploited. (Read more...) The post Update now! Apple fixes three actively exploited vulnerabilities appeared first on Malwarebytes Labs.

CVE-2023-24261: CVE-2023-24261: GL-E750 Blind Authenticated Command Injection

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.

WordPress WP Sticky Social 1.0.1 CSRF / Cross Site Scripting

WordPress WP Sticky Social plugin version 1.0.1 suffers from cross site request forgery and cross site scripting vulnerabilities.

New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices

More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which it gets automatically uninstalled unless the time period is extended by the attackers. The Russian

The Shop 2.5 SQL Injection

The Shop version 2.5 suffers from a remote SQL injection vulnerability.

CVE-2023-34597: FIBARO | Motion Sensor - Motion detector

A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.

Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13

Categories: Podcast This week on Lock and Code, we speak with Lisa Kaplan about why every business with an online presence should ready themselves against a potential disinformation campaign. (Read more...) The post Why businesses need a disinformation defense plan, with Lisa Kaplan: Lock and Code S04E13 appeared first on Malwarebytes Labs.

Update now! ASUS fixes nine security flaws

Categories: Exploits and vulnerabilities Categories: News Tags: ASUS Tags: router Tags: models Tags: CVE-2022-26376 Tags: CVE-2018-1160 Tags: Netatalk Tags: disable WAN ASUS has released firmware updates for several router models fixing two critical and several other security issues. (Read more...) The post Update now! ASUS fixes nine security flaws appeared first on Malwarebytes Labs.

SystemK NVR 504/508/516 Command Injection

SystemK NVR 504/508/516 version 2.3.5SK.30084998 suffer from a command injection vulnerability.