Security
Headlines
HeadlinesLatestCVEs

Tag

#cisco

Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw, Warns Cybersecurity Firm Hunters

By Owais Sultan Dubbed "DeleFriend," the vulnerability enables attackers to manipulate GCP and Google Workspace delegations without needing the high-privilege Super Admin role on Workspace. This is a post from HackRead.com Read the original post: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw, Warns Cybersecurity Firm Hunters

HackRead
Open in Source
#vulnerability#web#mac#google#microsoft#cisco#js#git#backdoor#oauth#auth
Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw

By Owais Sultan Dubbed "DeleFriend," the vulnerability enables attackers to manipulate GCP and Google Workspace delegations without needing the high-privilege Super Admin role on Workspace. This is a post from HackRead.com Read the original post: Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw

What is threat hunting?

Many organizations are curious about the idea of threat hunting, but what does this really entail? In this video, four experienced security professionals from across Cisco recently sat down to discuss the basics of threat hunting, and how to go about searching for the unknown.

CVE-2023-41257: TALOS-2023-1838 || Cisco Talos Intelligence Group

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE-2023-38573: TALOS-2023-1839 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE-2023-32616: TALOS-2023-1837 || Cisco Talos Intelligence Group

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE-2023-35985: TALOS-2023-1834 || Cisco Talos Intelligence Group

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted malicious site if the browser plugin extension is enabled.

CVE-2023-39542: TALOS-2023-1832 || Cisco Talos Intelligence Group

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE-2023-40194: TALOS-2023-1833 || Cisco Talos Intelligence Group

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.

CVE-2023-31275: TALOS-2023-1748 || Cisco Talos Intelligence Group

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.