Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

CVE-2024-43577: Microsoft Edge (Chromium-based) Spoofing Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** An attacker would have to send the victim a malicious file that the victim would have to execute.

Microsoft Security Response Center
Open in Source
#vulnerability#microsoft#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
Iran's APT34 Abuses MS Exchange to Spy on Gulf Gov'ts

A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers acknowledged Nicolai Rybnikar for discovering and reporting the vulnerability. "A security issue

October Linux Patch Wednesday

October Linux Patch Wednesday. There are 248 vulnerabilities in total. Of these, 92 are in the Linux Kernel. 5 vulnerabilities with signs of exploitation in the wild: 🔻 Remote Code Execution – CUPS (CVE-2024-47176) and 4 more CUPS vulnerabilities that can also be used to enhance DoS attacks🔻 Remote Code Execution – Mozilla Firefox (CVE-2024-9680) […]

Chinese Researchers Tap Quantum to Break Encryption

But the time when quantum computers pose a tangible threat to modern encryption is likely still several years away.

GHSA-37gm-h5wr-pf25: Path traversal in redaxo

An issue in the component /index.php?page=backup/export of REDAXO CMS v5.17.1 allows attackers to execute a directory traversal.

GHSA-7c4c-749j-pfp2: Admidio Vulnerable to HTML Injection In The Messages Section

### Summary An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. ### PoC 1. Go to https://www.admidio.org/demo_en/adm_program/modules/messages/messages.php 2. Click on Send Private Message 3. In the `Message` field, enter the following payload `Testing<br><h1>HTML</h1><br><h2>Injection</h2>` > ![image](https://github.com/user-attachments/assets/0e5d9e4e-69c5-4908-9ab9-0c45c2548ff8) 4. Send the message 5. Open the message again > ![image](https://github.com/user-attachments/assets/d36f1b64-7d96-486d-ab65-cce2b7d21428) ### Impact 1. Data Theft: Stealing sensitive information like cookies, session tokens, and user credentials. 2. Session Hijacking: Gaining unauthorized access to user accounts. 3. Phishing: Tricking users into revealing sensitive information. 4. Website Defacement: Altering the appearance or content of the website. 5. Malware Distribution: Spreading malware to users' devices. 6. Denial of Service (DoS): Ov...

Hybrid Work Exposes New Vulnerabilities in Print Security

The shift to a distributed work model has exposed organizations to new threats, and a low but continuing stream of printer-related vulnerabilities isn't helping.

Cyber Gangs Aren't Afraid of Prosecution

Challenges with cybercrime prosecution are making it easier for attackers to act with impunity. Law enforcement needs to catch up.