Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2023-24084: CVE-nu11secur1ty/vendors/tanhongit/2023/ChiKoi at main · nu11secur1ty/CVE-nu11secur1ty

ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.

CVE
Open in Source
#sql#vulnerability#windows#ubuntu#linux#git#firefox
CVE-2022-45285: Vsourz-Digital/AdvancedContactForm_CF7_DB_XSS.txt at main · IthacaLabs/Vsourz-Digital

Vsourz Digital Advanced Contact form 7 DB Versions 1.7.2 and 1.9.1 is vulnerable to Cross Site Scripting (XSS).

What Happened to #OpRussia?

The cyberwar to attack Russia has never really stopped, despite a decreasing interest from the West.

Global Infotech CMS 1.0 SQL Injection

Global Infotech CMS version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Pig Butchering Scams Are Evolving Fast

Investment schemes are ensnaring victims with increasingly compelling narratives and believable tech.

CVE-2022-45455

Local privilege escalation due to incomplete uninstallation cleanup. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107, Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.

CVE-2022-45454

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.

CISA issues alert with South Korean government about DPRK's ransomware antics

Categories: News Categories: Ransomware Tags: CISA Tags: ransomware Tags: Democratic People’s Republic of Korea Tags: DPRK Tags: North Korea Tags: WannaCry Tags: EternalBlue Tags: Lazarus Group Tags: APT Tags: Magniber Tags: Magnitude exploit kit Tags: exploit kit Tags: EK Tags: Andariel Tags: Silent Chollima Tags: Stonefly Tags: Maui Tags: H0lyGh0st Tags: PLUTONIUM Tags: Conti The tactics of North Korean-sponsored ransomware cyberattacks against the healthcare sector and other vital infrastructure are highlighted in the latest #StopRansomware alert. (Read more...) The post CISA issues alert with South Korean government about DPRK's ransomware antics appeared first on Malwarebytes Labs.

A week in security (February 6 - 12)

Categories: News Tags: VMware ESXi Tags: Safer Internet Day Tags: Malwarebytes Mobile Security Tags: ION Tags: LockBit ransomware Tags: ransomware Tags: GoAnywhere Tags: Ryuk Tags: Malwarebytes Application Block Tags: BEC Tags: business email compromise Tags: fake Facebook Tags: Facebook Tags: Reddit breach Tags: Killnet Tags: DDoS attack The most interesting security related news from the week of February 6 to 12. (Read more...) The post A week in security (February 6 - 12) appeared first on Malwarebytes Labs.

CVE-2022-48323: Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG

Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.