Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

CVE-2023-25832: Portal for ArcGIS Security 2023 Update 1 Patch

There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. 

CVE
Open in Source
#xss#csrf#vulnerability#web#mac#windows#linux#java#perl#ldap#ssrf#log4j#oauth#auth#chrome
CVE-2023-31474: CVE-issues/Directory_Listing.md at main · gl-inet/CVE-issues

An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name.

CVE-2020-23362: Beyond authority loophole in Yershop · Issue #1 · huyiwill/shopcms_lang

Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter.

Fake system update drops Aurora stealer via Invalid Printer loader

Categories: Threat Intelligence Tags: malvertising Tags: Aurora stealer Tags: loader Tags: Amadey Not all system updates mean well, and some will even trick you into installing malware. (Read more...) The post Fake system update drops Aurora stealer via Invalid Printer loader appeared first on Malwarebytes Labs.

LayerX’s Browser Security Survey Reveals: 87% of SaaS Adopters Exposed to Browser-borne Attacks in the Past Year

By Deeba Ahmed The first-ever browser security survey of CISOs’ security practices reveals CISOs' struggles, displeasure with current security solutions and cloud concerns. This is a post from HackRead.com Read the original post: LayerX’s Browser Security Survey Reveals: 87% of SaaS Adopters Exposed to Browser-borne Attacks in the Past Year

Your Twitter Feed Sucks Now. These Free Add-Ons Can Help

A  few simple tools can help filter out most Twitter Blue users (but still see the ones you like).

Microsoft vs Google spat sees users rolling back security updates to fix browser issues

Categories: News Tags: Chrome Tags: Windows Tags: Edge Tags: browser Tags: update Tags: Microsoft Tags: default Tags: install We take a look at trouble brewing in browser land after a controversial Windows update leaves Chrome fans without a useful feature. (Read more...) The post Microsoft vs Google spat sees users rolling back security updates to fix browser issues appeared first on Malwarebytes Labs.

Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry

An advanced persistent threat (APT) actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an encrypted payload, with various modifications made to these components over time," Sophos researcher