Security
Headlines
HeadlinesLatestCVEs

Tag

#google

CVE-2021-32828: nuxeo/OAuth2Callback.java at master · nuxeo/nuxeo

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API.

CVE
Open in Source
#xss#web#google#apache#java#rce#oauth#auth
How Confidential Computing Can Change Cybersecurity

Encrypting data while in use, not just in transit and at rest, closes one more avenue of cyberattack.

CVE-2023-0088: swifty-page-manager.php in swifty-page-manager/trunk – WordPress Plugin Repository

The Swifty Page Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on several AJAX actions handling page creation and deletion among other things. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

FBI warns of imposter ads in search results

Categories: News Tags: FBI Tags: ad Tags: ads Tags: advert Tags: paid Tags: sponsored Tags: search engine Tags: results Tags: fake Tags: download Tags: phish Tags: phishing Tags: malware The FBI has issued a warning about criminals impersonating brands in search ads (Read more...) The post FBI warns of imposter ads in search results appeared first on Malwarebytes Labs.

SpyNote Strikes Again: Android Spyware Targeting Financial Institutions

Financial institutions are being targeted by a new version of Android malware called SpyNote at least since October 2022. "The reason behind this increase is that the developer of the spyware, who was previously selling it to other actors, made the source code public," ThreatFabric said in a report shared with The Hacker News. "This has helped other actors [in] developing and distributing the

Google patches 60 vulnerabilities in first Android update of 2023

Categories: Android Categories: News Tags: 2023-01-01 Tags: 2023-01-05 Tags: Google Tags: Android Tags: CVE-2022-42719 Tags: CVE-2022-42720 Tags: CVE-2022-42721 Tags: mac80211 Tags: CVE-2022-41674 Tags: Qualcomm Tags: CVE-2022-22088 Google has published its first security bulletin of 2023 with details of vulnerabilities affecting Android devices. It includes fixes for 60 security issues. (Read more...) The post Google patches 60 vulnerabilities in first Android update of 2023 appeared first on Malwarebytes Labs.

The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. "When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated," AhnLab Security Emergency Response Center (ASEC) disclosed in a