Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Threat Source newsletter (May 11, 2023) — So much for that ransomware decline

A ransomware attack on the city of Dallas, Texas is still disrupting many social services as of Wednesday, including hampering police communications and operations and potentially putting personal information at risk.

TALOS
Open in Source
#vulnerability#web#mac#microsoft#cisco#git#rce#auth#zero_day
Startup Competition Secures ML Systems, Vulnerabilities in Automation

RSA's Innovation Sandbox 2023 focused on the software supply chain, as well as attack surfaces exposed by generative AI, ML systems, and APIs.

Red Hat Security Advisory 2023-2110-01

Red Hat Security Advisory 2023-2110-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.16. Issues addressed include a bypass vulnerability.

CVE-2023-22720: WordPress WP Links Page plugin <= 4.9.3 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions.

CVE-2023-2659: CVEproject/Online-Computer-and-Laptop-Store---Multiple-vulnerabilities.md at main · xiahao90/CVEproject

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability.

CVE-2023-2661: CVEproject/Online-Computer-and-Laptop-Store---Multiple-vulnerabilities.md at main · xiahao90/CVEproject

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803.

New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe

A previously undetected advanced persistent threat (APT) actor dubbed Red Stinger has been linked to attacks targeting Eastern Europe since 2020. "Military, transportation, and critical infrastructure were some of the entities being targeted, as well as some involved in the September East Ukraine referendums," Malwarebytes disclosed in a report published today. "Depending on the campaign,

Plug-and-Play Microsoft 365 Phishing Tool 'Democratizes' Attack Campaigns

New "Greatness" phishing-as-a-service used in attacks targeting manufacturing, healthcare, technology, and other sectors.

CISA Addresses 'Cyber Poor' Small Biz, Local Government

Relatively few organizations have the resources for security programs and security professionals, so the US cyber agency is putting programs in place to help them, while striving to understand the scope of the problem itself.

Multiple Ransomware Groups Adapt Babuk Code to Target ESXi VMs

Two years ago, a popular ransomware-as-a-service group's source code got leaked. Now other ransomware groups are using it for their own purposes.