Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

ChatGPT tricked into generating Windows 10 and Windows 11 keys

By Waqas A Twitter user successfully utilized the "grandma exploit" to trick ChatGPT and acquire multiple Windows 10 codes. This is a post from HackRead.com Read the original post: ChatGPT tricked into generating Windows 10 and Windows 11 keys

HackRead
Open in Source
#web#ios#windows#google#microsoft#git#intel#auth
Architecting XDR to Save Money and Your SOC's Sanity

XDR can lower platform costs and improve detection, but it requires committing to a few principles that go against the established way of thinking about SOC.

A week in security (June 26 - July 2)

Categories: News A list of topics we covered in the week of June 26 to July 2 of 2023 (Read more...) The post A week in security (June 26 - July 2) appeared first on Malwarebytes Labs.

CVE-2020-36741: class-wcmp-vendor-dashboard.php in dc-woocommerce-multi-vendor/tags/3.5.8/classes – WordPress Plugin Repository

The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-33298: MacOS - Agent

com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.

CVE-2023-3338: Linux Kernel NULL Pointer Dereference in DECnet

A flaw null pointer dereference in the Linux kernel DECnet networking protocol was found. A remote user could use this flaw to crash the system.

GHSA-w5w5-2882-47pc: github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee

# x/crisis does not charge ConstantFee ### Impact If a transaction is sent to the `x/crisis` module to check an invariant, the ConstantFee parameter of the chain is NOT charged. All versions of the `x/crisis` module are affected on all versions of the Cosmos SDK. ### Details The `x/crisis` module is supposed to allow anyone to halt a chain in the event of a violated invariant by sending a `MsgVerifyInvariant` with the name of the invariant. Processing this message takes extra processing power hence a `ConstantFee` was introduced on the chain that is charged as extra from the reporter for the extra computational work. This is supposed to avert spammers on the chain making nodes do extra computations using this transaction. By not charging the `ConstantFee`, the transactions related to invariant checking are relatively cheaper compared to the computational need and other transactions. That said, the submitter still has to pay the transaction fee to put the transaction on the network, h...