#mac

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity  Vendor: VISAM  Equipment: VBASE  Vulnerabilities: Improper Restriction of XML External Entity Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information from the target device.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS VISAM reports these vulnerabilities affect the following VBASE products:   VBASE Automation Base: versions prior to 11.7.5  3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611  Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.  CVE-2022-41696 has been assigned to this vulnerability. A CVSS v3 base score of 5.5 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N).  3.2.2 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611  Versions of VISAM VBASE Automation Base prior t...

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.

Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6.

The notorious Emotet malware, in its return after a short hiatus, is now being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions and compromise systems. Emotet, linked to a threat actor tracked as Gold Crestwood, Mummy Spider, or TA542, continues to be a potent and resilient threat despite attempts by law enforcement to take it down. A

Categories: Explained Categories: News Tags: potentially unwanted programs Tags: PUAs Tags: PUPs If you’ve ever downloaded software onto your computer, chances are you’ve unknowingly cluttered your machine with potentially unwanted programs. (Read more...) The post How to avoid potentially unwanted programs appeared first on Malwarebytes Labs.

Categories: News Tags: Becky Holmes Tags: Lock and Code S04E06 Tags: ransomware Tags: WhatsApp Tags: AI chatbot Tags: investment fraud Tags: Clop Tags: Microsoft zero-day Tags: Microsoft Tags: STALKER 2 Tags: Facebook Tags: Microsoft OneNote Tags: LockBit Tags: Rubrik The most interesting security related news from the week of March 13 to 19. (Read more...) The post A week in security (March 13 - 19) appeared first on Malwarebytes Labs.

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.

org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.

Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.

By Deeba Ahmed The ChatGPT-powered Blackmamba malware works as a keylogger, with the ability to send stolen credentials through Microsoft Teams. This is a post from HackRead.com Read the original post: ChatGPT-powered polymorphic Blackmamba malware evades detection