Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

Krebs on Security
Open in Source
#vulnerability#web#mac#windows#apple#google#microsoft#auth#zero_day#chrome#blog
GHSA-36g8-62qv-5957: TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

### Problem The `ShowImageController` (_eID tx_cms_showpic_) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. ### Solution Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described. #### ℹ️ **Strong security defaults - Manual actions required** The `frame` HTTP query parameter is now ignored, since it could not be used by core APIs. The new feature flag `security.frontend.allowInsecureFrameOptionInShowImageController` – which is disabled per default – can be used to reactivate the previous behavior. ### Credits Thanks to TYPO3 security team member Torben Hansen who reported this issue and to TYPO3 core & security team members Benjamin Mack and Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-010]...

TrojanSpy.Win64.EMOTET.A MVID-2024-0684 Code Execution

TrojanSpy.Win64.EMOTET.A malware suffers from a code execution vulnerability.

Chyrp 2.5.2 Cross Site Scripting

Chryp version 2.5.2 suffers from a persistent cross site scripting vulnerability.

Leafpub 1.1.9 Cross Site Scripting

Leafpub version 1.1.9 suffers from a persistent cross site scripting vulnerability.

DNS Tunneling Used for Stealthy Scans and Email Tracking

By Deeba Ahmed Hackers are hiding malicious messages in everyday internet traffic! Learn how DNS tunneling works and how to protect yourself from this sneaky cyberattack. Stop hackers from scanning your network and tracking your clicks. This is a post from HackRead.com Read the original post: DNS Tunneling Used for Stealthy Scans and Email Tracking

Update Chrome now! Google releases emergency security patch

Google has released security patches for two vulnerabilities. Make sure you're using the latest version.

CVE-2024-30021: Windows Mobile Broadband Driver Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?** To exploit this vulnerability, an unauthenticated attacker needs to physically connect a malicious USB device to the victim's machine