Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Mac Users Beware: New Trojan-Proxy Malware Spreading via Pirated Software

Unauthorized websites distributing trojanized versions of cracked software have been found to infect Apple macOS users with a new Trojan-Proxy malware. "Attackers can use this type of malware to gain money by building a proxy server network or to perform criminal acts on behalf of the victim: to launch attacks on websites, companies and individuals, buy guns, drugs, and other illicit

The Hacker News
Open in Source
#web#android#mac#windows#apple#git#auth#The Hacker News
CVE-2023-6061: Phantom DLL hijacking vulnerabilities in Iconics Suite - CVE-2023-6061

Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: * MMXFax.exe * winfax.dll * MelSim2ComProc.exe * Sim2ComProc.dll * MMXCall_in.exe * libdxxmt.dll * libsrlmt.dll

Cybersecurity considerations to have when shopping for holiday gifts

When searching for holiday gifts online, make sure you’re buying from a trusted vendor, or if you haven’t heard of the vendor before, take a few extra minutes just to look them up and read their app’s privacy policy.

GHSA-c79f-pqgf-fhp3: Directory Traversal in Gladys Assistant

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

CVE-2023-47440: Update HLS chunk regex by Pierre-Gilles · Pull Request #1918 · GladysAssistant/Gladys

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine.

CVE-2023-46871: Memory leaks in NewSFDouble scenegraph/vrml_tools.c:300 · Issue #2658 · gpac/gpac

GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service.

CVE-2023-49428: vuln/iot/AX12/SetOnlineDevName.md at master · ef4tless/vuln

Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName.

CVE-2023-49425: vuln/iot/AX12/setMacFilterCfg.md at master · ef4tless/vuln

Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg .

Ubuntu Security Notice USN-6463-2

Ubuntu Security Notice 6463-2 - USN-6463-1 fixed vulnerabilities in Open VM Tools. This update provides the corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker with Guest Operations privileges could possibly use this issue to elevate their privileges.