Security
Headlines
HeadlinesLatestCVEs

Tag

#git

North Korea's Kimsuky Doubles Down on Remote Desktop Control

The sophisticated APT employs various tactics to abuse Windows and other built-in protocols with both custom and public malware to take over victim systems.

DARKReading
Open in Source
#web#windows#google#git#chrome
Clever malvertising attack uses Punycode to look like KeePass's official website

Categories: Threat Intelligence Tags: malvertising Tags: keepass Tags: punycode Tags: malware Tags: ads Tags: google Threat actors are doubling down on brand impersonation by using lookalike domain names. (Read more...) The post Clever malvertising attack uses Punycode to look like KeePass's official website appeared first on Malwarebytes Labs.

GHSA-4x5q-q7wc-q22p: Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability

### Impact The vulnerability affects the endpoint `/v2/pkgs/tools/installed`. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those of the user running the Arduino Create Agent service via a crafted HTTP POST request. Further details are available in the references. ### Fixed Version * `1.3.3` ### References The issue was reported by Nozomi Networks Labs. Further details on the issue will soon be published and this advisory updated.

What is Cracktivator software?

Learn about Talos' research into cracked versions of the Microsoft Windows operating system and applications. Discover why the use of cracktivator software is a growing trend.

The Fake Browser Update Scam Gets a Makeover

One of the oldest malware tricks in the book -- hacked websites claiming visitors need to update their Web browser before they can view any content -- has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

CVE-2023-46007: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability-3.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.

CVE-2023-46006: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability-2.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.

CVE-2023-46005: Zerrr0_Vulnerability/Best Courier Management System 1.0/SQL-Injection-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.

CVE-2023-46004: Zerrr0_Vulnerability/Best Courier Management System 1.0/Arbitrary-File-Upload-Vulnerability.md at main · zerrr0/Zerrr0_Vulnerability

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.

CVE-2023-45065: WordPress Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 - Reflected Cross Site Scripting (XSS) vulnerability - Patchstack

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin <= 1.42 versions.