#windows

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 7 and April 14. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability.

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload.

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.

Categories: Business Prevent port scanning attacks with Malwarebytes for Business. (Read more...) The post Port scan attacks: Protecting your business from RDP attacks and Mirai botnets appeared first on Malwarebytes Labs.

A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Categories: Threat Intelligence Tags: malvertising Tags: weebly Tags: google Tags: ads Tags: seniors Tags: recipe Tags: tech support Tags: scam Scammers are buying ads on for the most common Google searches made by seniors and defrauding them with tech support scams. (Read more...) The post Massive malvertising campaign targets seniors via fake Weebly sites appeared first on Malwarebytes Labs.

**What kind of security feature could be bypassed by successfully exploiting this vulnerability?** An attacker who successfully exploited this vulnerability could bypass the Windows Defender detection with a specially crafted file.

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.