#ios

Apple is introducing major updates to Safari Private Browsing, offering users better protections against third-party trackers as they browse the web. "Advanced tracking and fingerprinting protections go even further to help prevent websites from using the latest techniques to track or identify a user's device," the iPhone maker said. "Private Browsing now locks when not in use, allowing a user

Bitwarden Desktop v1.20.0 and above stores the biometric key in plaintext which allows a local attacker to decrypt the entire local vault.

P2S CMS version 0.1 suffers from a cross site scripting vulnerability.

Categories: Ransomware Categories: Threat Intelligence May saw a record number of 556 reported ransomware victims, the unusual emergence of Italy and Russia as major targets, and a significant rise in attacks on the education sector. (Read more...) The post Ransomware review: June 2023 appeared first on Malwarebytes Labs.

Categories: Exploits and vulnerabilities Categories: News Tags: Cisco Tags: anyconnect Tags: system secure client Tags: VPN Tags: bug Tags: patch Tags: update Tags: vulnerability Tags: SYSTEM We take a look at a recent update for Cisco Secure System Client and why you should apply the update as soon as possible. (Read more...) The post Update your Cisco System Secure Client now to fix this AnyConnect bug appeared first on Malwarebytes Labs.

The PowerPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: A partial fix for the issue was introduced in version 10.0.1, and an additional patch (version 10.0.2) was released to address a workaround.

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the install_weglot function called via the admin_action_install_weglot action. This makes it possible for unauthenticated attackers to perform an unauthorized install of the Weglot Translate plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for unauthenticated attackers to dismiss plugin notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.

By Habiba Rashid The Stealth Soldier malware is capable of stealing browser data, recording audio and video, and much more. This is a post from HackRead.com Read the original post: Advanced Espionage Malware “Stealth Soldier” Hits Libyan Firms