Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

LOBSHOT: A Stealthy, Financial Trojan and Info Stealer Delivered through Google Ads

In yet another instance of how threat actors are abusing Google Ads to serve malware, a threat actor has been observed leveraging the technique to deliver a new Windows-based financial trojan and information stealer called LOBSHOT. "LOBSHOT continues to collect victims while staying under the radar," Elastic Security Labs researcher Daniel Stepanic said in an analysis published last week. "One

The Hacker News
Open in Source
#web#mac#windows#google#microsoft#git#wordpress#backdoor#chrome#firefox#The Hacker News
CVE-2023-2247: Security Advisory 2023-07

In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function

CVE-2022-48483: Pwning 3CX Phone Management Backends from the Internet

3CX before 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote attackers to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this issue exists because of an incomplete fix for CVE-2022-28005.

Adobe ColdFusion Unauthenticated Remote Code Execution

This Metasploit module exploits a remote unauthenticated deserialization of untrusted data vulnerability in Adobe ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier, in order to gain remote code execution.

CompanyMaps 8.0 Cross Site Scripting

CompanyMaps version 8.0 suffers from a persistent cross site scripting vulnerability.

Microsoft: You're already using the last version of Windows 10

Categories: News Tags: Windows 10 Tags: Windows 11 Tags: Windows 10 end of support The current version of Windows 10, version 22H2, will be the last edition of the operating system (OS). (Read more...) The post Microsoft: You're already using the last version of Windows 10 appeared first on Malwarebytes Labs.

Mobile Mouse 3.6.0.4 Remote Code Execution

Mobile Mouse version 3.6.0.4 suffers from a remote code execution vulnerability. This exploit is a second version from the original author of the original exploit released in September of 2022.

Old Age Home Management 1.0 SQL Injection

Old Age Home Management version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

APT28 Targets Ukrainian Government Entities with Fake "Windows Update" Emails

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with the subject line "

A week in security (April 24 -30)

Categories: News Tags: Lockbit Tags: cl0p Tags: papercut Tags: vmware Tags: magecart Tags: fileless Tags: chatgpt Tags: apc Tags: Pupy rat Tags: guloader Tags: black basta Tags: flipper zero Tags: clickjacking The most interesting security related news of the week from April 24 till April 30 (Read more...) The post A week in security (April 24 -30) appeared first on Malwarebytes Labs.