Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

UFO Whistleblower, Meet a Conspiracy-Loving Congress

Fresh claims from a former US intelligence officer about an “intact” alien craft may get traction on Capitol Hill, where some lawmakers want to believe.

Wired
Open in Source
#apple#git#intel#auth#sap
CVE-2023-32546: ダウンロード | ビジネスチャットならChatwork

Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. If this vulnerability is exploited, a non-administrative user of the Mac where the product is installed may store and obtain audio and image data from the product without the user's consent.

CVE-2023-2563: WordPress Contact Forms by Cimatti <= 1.5.7 - Cross-Site Request Forgery via _accua_forms_form_edit_action — Wordfence Intelligence

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to delete forms created with this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Pink Drainer Posed as Journalists, Stole $3M from Discord and Twitter Users

By Habiba Rashid Pink Drainer hacking group has been employing sophisticated social engineering techniques, often masquerading as journalists from reputable media outlets like Decrypto and Cointelegraph. This is a post from HackRead.com Read the original post: Pink Drainer Posed as Journalists, Stole $3M from Discord and Twitter Users

RomCom Threat Actor Targets Ukrainian Politicians, US Healthcare

The group appears to be targeting victims based on their proximity and involvement to and within pro-Ukraine organizations.

The US Is Openly Stockpiling Dirt on All Its Citizens

A newly declassified report from the Office of the Director of National Intelligence reveals that the federal government is buying troves of data about Americans.

CVE-2022-27541: HP PC BIOS February 2023 Security Update (TOCTOU)

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

'Stealth Soldier' Attacks Target Libyan Government Entities With Surveillance Malware

Surveillance malware targets Libyan government entities, with possible links to a 2019 Egypt attack campaign.

9 Years After the Mt. Gox Hack, Feds Indict Alleged Culprits

Plus: Instagram’s CSAM network gets exposed, Clop hackers claim credit for MOVEit Transfer exploit, and a $35 million crypto heist has North Korean ties.

Former TikTok exec: Chinese Communist Party had "God mode" entry to US data

Categories: News Categories: Privacy Tags: Yu Tags: TikTok Tags: ByteDance Tags: CCP Tags: influence Tags: data access Tags: loaded gun A former executive at TikTok’s parent company ByteDance has claimed in court documents that the Chinese Community Party (CCP) had access to TikTok data, despite the data being stored in the US. (Read more...) The post Former TikTok exec: Chinese Communist Party had "God mode" entry to US data appeared first on Malwarebytes Labs.