Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Client-side Magecart attacks still around, but more covert

While we have heard less about web skimming attacks, attacks are still going on, but more quietly than before. The post Client-side Magecart attacks still around, but more covert appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#web#mac#js#git#java#wordpress#php#perl#auth
SIEMENS-SINEMA Remote Connect 3.0.1.0-01.01.00.02 Cross Site Scripting

SIEMENS-SINEMA Remote Connect versions 3.0.1.0-01.01.00.02 and below suffer from a cross site scripting vulnerability.

Mitel 6800/6900 Series SIP Phones Backdoor Access

Mitel 6800/6900 Series SIP Phones excluding 6970 and Mitel 6900 Series IP (MiNet) Phones have a flow to spawn a telnet backdoor on the device with a static root password enabled. Affected versions include Rel 5.1 SP8 (5.1.0.8016) and earlier, Rel 6.0 (6.0.0.368) to 6.1 HF4 (6.1.0.165), and MiNet 1.8.0.12 and earlier.

Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Insufficient Verification

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.

Verbatim Fingerprint Secure Portable Hard Drive #53650 Insufficient Verification

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated. The content of this emulated CD-ROM drive is stored as ISO-9660 image in the "hidden" sectors of the USB drive that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.

CVE-2022-31795: Technical Advisory – FUJITSU CentricStor Control Center <= V8.1 – Unauthenticated Command Injection

An issue was discovered on Fujitsu ETERNUS CentricStor CS8000 (Control Center) devices before 8.1A SP02 P04. The vulnerability resides in the grel_finfo function in grel.php. An attacker is able to influence the username (user), password (pw), and file-name (file) parameters and inject special characters such as semicolons, backticks, or command-substitution sequences in order to force the application to execute arbitrary commands.

Verbatim Fingerprint Secure Portable Hard Drive #53650 Risky Crypto

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.

Security Lessons From Protecting Live Events

Security defenders working for large venues and international events need to be able to move at machine speed because they have a limited time to detect and recover from attacks. The show must go on, always.

Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Risky Crypto

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out it uses an insecure design which allows retrieving the currently used password and thus the ability to unlock and access the stored data in an unauthorized way.

Attackers can use ‘Scroll to Text Fragment’ web browser feature to steal data – research

In some scenarios, CSS style specifications can be manipulated to cause browsers to send data to an attacker-controlled server