Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2023-5763: Eclipse GlassFish Security Guide, Release 7

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

CVE
Open in Source
#xss#vulnerability#web#mac#windows#linux#dos#apache#js#git#java#oracle#intel#perl#ldap#amd#buffer_overflow#acer#auth#ssh#maven#ssl
Iran’s MuddyWater Group Targets Israelis with Fake Memo Spear-Phishing

By Deeba Ahmed MuddyWater (aka Mango Sandstorm and Static Kitten) is a cyberespionage group that's believed to be active since 2017. This is a post from HackRead.com Read the original post: Iran’s MuddyWater Group Targets Israelis with Fake Memo Spear-Phishing

You’d be surprised to know what devices are still using Windows CE

The Arid Viper threat actor is actively trying to install spyware on targeted devices in the Middle East, using fake dating apps as lures.

CVSS v4.0 Released with New Supplemental Metrics, and OT/ICS/IoT Support

By Deeba Ahmed IN SUMMARY The non-profit collective Forum of Incident Response and Security Teams (FIRST), has released the new version… This is a post from HackRead.com Read the original post: CVSS v4.0 Released with New Supplemental Metrics, and OT/ICS/IoT Support

Microsoft Does Damage Control With Its New 'Secure Future Initiative'

Following a string of serious security incidents, Microsoft says it has a plan to deal with escalating threats from cybercriminals and state-backed hackers.

CVE-2023-5860: Icons Font Loader <= 1.1.2 - Authenticated (Administrator+) Arbitrary File Upload — Wordfence Intelligence

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

The UN Hired an AI Company to Untangle the Israeli-Palestinian Crisis

CulturePulse's AI model promises to create a realistic virtual simulation of every Israeli and Palestinian citizen. But don't roll your eyes: It's already been put to the test in other conflict zones.

SaaS Security is Now Accessible and Affordable to All

This new product offers SaaS discovery and risk assessment coupled with a free user access review in a unique “freemium” model Securing employees' SaaS usage is becoming increasingly crucial for most cloud-based organizations. While numerous tools are available to address this need, they often employ different approaches and technologies, leading to unnecessary confusion and complexity. Enter

Iran's MuddyWater Targets Israel in New Spear-Phishing Cyber Campaign

The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from N-able called Advanced Monitoring Agent. Cybersecurity firm Deep Instinct, which disclosed details of the attacks, said the campaign "exhibits updated TTPs to previously reported MuddyWater activity,"

CVE-2023-5606: ChatBot 4.8.6 - 4.9.6 - Authenticated (Administrator+) Stored Cross-Site Scripting in FAQ Builder — Wordfence Intelligence

The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.