Security
Headlines
Ukraine, Gaza Wars Inspire DDoS Surge Against Finservs

Hacktivists love to target financial services companies, and their attacks are growing both larger and longer.

DARKReading
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users

Cryptocurrency exchange Binance is warning of an "ongoing" global threat that's targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud. Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim's clipboard activity and steal sensitive data a user copies, including

GHSA-j8gh-87rx-c7w9: OpenShift Controller Manager Improper Privilege Management

A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container.

'Void Banshee' Exploits Second Microsoft Zero-Day

Attackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw.

GHSA-mmhx-hmjr-r674: DOMPurify allows tampering by prototype pollution

It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders DOMPurify unable to prevent XSS attacks. Fixed by https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.x branch) and https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc (2.x branch).

GHSA-xmxj-v2q8-8qx6: Concrete CMS Stored XSS in the "Next&Previous Nav" block

Concrete CMS versions 9.0.0 to 9.3.4 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload to the block. Since the "Next&Previous Nav" block output was not sufficiently sanitized, the malicious payload could be executed in the browsers of targeted users.

RansomHub Ransomware Gang Leaks 487GB of Alleged Kawasaki Europe Data

RansomHub ransomware group leaks an alleged 487 GB of sensitive data stolen from Kawasaki Motors Europe (KME), following a…

Apple’s New Passwords App May Solve Your Login Nightmares

Apple is launching its first stand-alone password manager app in iOS 18. Here’s what you need to know.

GHSA-xgq9-7gw6-jr5r: Mattermost Desktop App fails to sufficiently configure Electron Fuses

Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access.

GHSA-46hr-3cq3-mcgp: OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability

An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information.