Tag

#web

CVE-2023-3472: Power Measurement Operation Verification Software KW Watcher Ver.2.83 - Panasonic

Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code.

CVE-2023-4773: wsl.auth.widgets.php in wordpress-social-login/tags/3.0.4/includes/widgets – WordPress Plugin Repository

The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Mac users targeted in new malvertising campaign delivering Atomic Stealer

While malvertising delivering infostealers has largely been a Windows problem, Mac users are getting targeted as well. Source: Malwarebytes Labs.

Categories: Threat Intelligence. Tags: amos, apple, malvertising, atomic stealer, wallets, crypto, mac.

CVE-2023-4719: Simple Membership

The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `list_type` parameter in versions up to, and including, 4.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages, which execute if the attacker can successfully trick a user into taking an action, such as clicking a malicious link.

CVE-2023-29166: About the security content of Pro Video Formats 2.2.5

A logic issue was addressed with improved state management. This issue is fixed in Pro Video Formats 2.2.5. A user may be able to elevate privileges.

CVE-2022-32920: About the security content of Xcode 14.0

The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information.

Smart chastity device exposes sensitive user data

We take a look at reports of an IoT chastity cage device which is exposing user data. Source: Malwarebytes Labs.

Categories: Personal. Tags: chastity cage, IoT, Internet of Things, romance, toy, device, expose, user data.

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

CVE-2023-4487

GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software.

New Chae$4 Malware Steals Login, Financial Data from Businesses

By Habiba Rashid. Meet Chae$4 malware: the new and even harder-to-detect variant of the infamous Chaes malware. Source: HackRead.com.