
Tag

#chrome

Stellar Cyber Launches InterSTELLAR Partner Program for Open XDR Solutions

By Owais Sultan

Stellar Cyber, the company that recently made headlines as one of the “10 Hot XDR Security Companies You…

This is a post from HackRead.com.

HackRead
#web #git #chrome #firefox

Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. The

Google Proposes Reducing TLS Cert Life Span to 90 Days

Organizations will likely have until the end of 2024 to gain visibility and control over their keys and certificates.

CVE-2023-28343: Disclosures/os_command_injection.md at main · ahmedalroky/Disclosures

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.

CVE-2023-24892

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

CVE-2023-27074: BP Monitoring Management System | BP Monitoring Management Project

BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page.

Ubuntu Security Notice USN-5949-1

Ubuntu Security Notice 5949-1 - It was discovered that Chromium could be made to write out of bounds in several components. A remote attacker could possibly use this issue to corrupt memory via a crafted HTML page, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that Chromium contained an integer overflow in the PDF component. A remote attacker could possibly use this issue to corrupt memory via a crafted PDF file, resulting in a denial of service, or possibly execute arbitrary code.

Talos uncovers espionage campaigns targeting CIS countries, Turkey, and European institutions including Embassies and a critical EU Health care Agency

Cisco Talos has identified a new espionage-oriented threat actor, which we are naming “YoroTrooper,” targeting a multitude of entities in Europe and Turkey.

CVE-2023-24892: Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

Fake ChatGPT Chrome Extension Hijacking Facebook Accounts for Malicious Advertising

A fake ChatGPT-branded Chrome browser extension has been found to come with capabilities to hijack Facebook accounts and create rogue admin accounts, highlighting one of the different methods cyber criminals are using to distribute malware. "By hijacking high-profile Facebook business accounts, the threat actor creates an elite army of Facebook bots and a malicious paid media apparatus," Guardio