#windows

CVE-2022-44900: Fix sanity check for path traversal attack · miurahr/py7zr@1bb43f1

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file.

3 years ago

CVE

Open in Source

#vulnerability #windows #linux

Google Chrome Flaw Added to CISA Patch List

CISA gives agencies deadline to patch against Google Chrome bug being actively exploited in the wild.

3 years ago

DARKReading

Open in Source

#vulnerability #mac #windows #google #linux #chrome

CVE-2022-45326: Kwoksys 2.9.5 XXE

An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks.

3 years ago

CVE

Open in Source

#sql #vulnerability #web #windows #apple #linux #apache #git #java #oracle #rce #ssrf #auth #postgres #chrome #webkit

Senayan Library Management System 9.5.1 SQL Injection

Senayan Library Management System version 9.5.1 suffers from a remote SQL injection vulnerability.

3 years ago

Packet Storm

Open in Source

#sql #xss #vulnerability #web #windows #apple #apache #js #git #java #php #auth #chrome #webkit #ssl

Machine Learning Models: A Dangerous New Attack Vector

Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.

3 years ago

DARKReading

Open in Source

#web #ios #mac #windows #linux #dos #git #intel

Telcom and BPO Companies Under Attack by SIM Swapping Hackers

A persistent intrusion campaign has set its eyes on telecommunications and business process outsourcing (BPO) companies at lease since June 2022. "The end objective of this campaign appears to be to gain access to mobile carrier networks and, as evidenced in two investigations, perform SIM swapping activity," CrowdStrike researcher Tim Parisi said in an analysis published last week. The

3 years ago

The Hacker News

Open in Source

#windows #google #microsoft #linux #cisco #git #rce #aws #auth #The Hacker News

CVE-2022-34881: hitachi-sec-2022-140: Information Exposure Vulnerability in JP1/Automatic Operation

Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01.

3 years ago

CVE

Open in Source

#vulnerability #web #windows #linux

CVE-2022-34881: hitachi-sec-2022-140: Information Exposure Vulnerability in JP1/Automatic Operation

3 years ago

CVE

Open in Source

#vulnerability #web #windows #linux

Fake Windows Crypto Apps Spreading AppleJeus Malware

By Deeba Ahmed The infamous North Korean state-backed Lazarus hacking group is using AppleJeus malware to steal crypto funds from Windows users. This is a post from HackRead.com Read the original post: Fake Windows Crypto Apps Spreading AppleJeus Malware

3 years ago

HackRead

Open in Source

#web #mac #windows #apple #microsoft #git

Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware

Categories: News Categories: Threats Tags: Lazarus Tags: APT38 Tags: AppleJeus Tags: sideloading Tags: BloxHolder Researchers have found a new Lazarus campaign, once again targeting cryptocurrency users and organizations by deploying a fake website and malicious documents. (Read more...) The post Lazarus group uses fake cryptocurrency apps to plant AppleJeus malware appeared first on Malwarebytes Labs.

3 years ago

Malwarebytes

Open in Source

#web #mac #windows #apple #microsoft #git #intel