#mac

Red Hat Security Advisory 2023-0045-01 - Virtual Network Computing is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients. Issues addressed include out of bounds access and use-after-free vulnerabilities.

Online Food Ordering System version 2.0 suffers from a remote SQL injection vulnerability.

WordPress Slider Revolution plugin version 4.6.5 suffers from a remote shell upload vulnerability.

Categories: News Tags: polite WiFi Tags: WiPeep Tags: triangulation Tags: battery drain Researchers have found that the WiFi protocol is a bit too polite when acknowledging received packets from outside the own network. (Read more...) The post Polite WiFi loophole could allow attackers to drain device batteries appeared first on Malwarebytes Labs.

A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines," Uptycs security researcher Karthickkumar Kathiresan said in a report.

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive.

Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.

### Impact A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronising files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorised access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content. By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster. ### Patches This vulnerability has been fixed by commits [75268c4](https://github.com/weaveworks/weave-gitops/pull/3114/commits/75268c4d2c8f7e4db22c63d76b451ba6545d117f) and [966823b](https://github.com/weaveworks/weave-gitops/pull/3102/commits/966823bbda8c539a4661e2a4f8607c9307ba6225). Use...

Business users receive a message from Facebook warning their accounts will be permanently suspended for using photos illegally if they don't appeal within 24 hours, leading victims to a credential-harvesting page instead.