Companymaps 8.0 Cross Site Scripting

Companymaps version 8.0 suffers from a cross site scripting vulnerability.

Packet Storm

Red Hat Security Advisory 2023-2097-03

Red Hat Security Advisory 2023-2097-03 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, deserialization, improper neutralization, information leakage, and remote shell upload vulnerabilities.

AI-powered content farms start clogging search results with ad-stuffed spam

We take a look at the potential issues surrounding AI-generated content produced on a mass scale. The post appeared first on Malwarebytes Labs.

Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia

Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks. "Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet," Guy Rosen, chief information

The one and only password tip you need

I was asked to write a list of password tips. It's a short list. The post appeared first on Malwarebytes Labs.

Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used to steal users' Facebook account credentials with an aim to run

GHSA-2h5h-59f5-c5x9: Rekor's compressed archives can result in OOM conditions

## Summary

Two vulnerabilities have been found in the Rekor types for archive files (JARs and APKs), where Rekor would crash due to out-of-memory conditions caused by reading archive metadata files into memory without first checking their sizes, causing a denial of service of Rekor. These vulnerabilities were found through fuzzing with [OSS-Fuzz](https://google.github.io/oss-fuzz/).

## Vulnerability 1: OOM due to large files in META-INF directory of JAR files

### Summary

Verification of a JAR file submitted to Rekor can cause an out-of-memory crash if files within the META-INF directory of the JAR are sufficiently large.

### Details

As part of verifying a JAR file, Rekor uses the [relic library](http://github.com/sassoftware/relic) to check that the JAR is signed, that the signature verifies, and that the hashes in the signed manifest are all valid. This library function reads files within META-INF/ into memory without checking their sizes, resulting in an OOM if the uncompressed file is suffi...

RHSA-2023:2097: Red Hat Security Advisory: Satellite 6.13 Release

An update is now available for Red Hat Satellite 6.13. The release contains a new version of Satellite and important security fixes for various components. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-1471: A flaw was found in the SnakeYaml package. This flaw allows an attacker to achieve remote code execution by sending malicious YAML content that is then deserialized by the constructor. Deserialization is unsafe and leads to remote code execution (RCE).
* CVE-2022-22577: A flaw was found in rubygem-actionpack where CSP headers were sent with responses that Rails considered "HTML" responses. This flaw allows an attacker to leave API requests without CSP headers and perform a cross-site scripting attack.
* CVE-2022-...

Gentoo Linux Security Advisory 202305-10

Gentoo Linux Security Advisory 202305-10 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 109.0.5414.74-r1 are affected.