#windows

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.

Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&se_name=&sub_event_id=.

Vulnerable MS-SQL database servers have external connections and weak account credentials, researchers warn.

Overcoming the limitations of consumer MFA with a new flavor of passwordless.

Chitor-CMS version 1.1.2 suffers from a remote SQL injection vulnerability.

ProjeQtOr Project Management System version 10.3.2 suffers from a remote shell upload vulnerability.

Piwigo version 13.6.0 suffers from a persistent cross site scripting vulnerability.

Lilac-Reloaded for Nagios version 2.0.l8 remote code execution exploit.

Serendipity version 2.4.0 suffers from a cross site scripting vulnerability.