Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

CVE-2021-28861: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.

CVE
Open in Source
#sql#vulnerability#web#ios#mac#windows#google#microsoft#git#java#c++#perl#auth#ssl
Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]

Fake DDoS Protection Alerts Distribute Dangerous RAT

Security vendor Sucuri says adversaries are injecting malicious JavaScript into numerous WordPress websites that triggers phony bot-related checks.

Attackers using fake Cloudflare DDoS protection popups to distribute malware

By Waqas The malware dropped in this attack is the NetSupport RAT which was previously identified in malicious MS Word documents. This is a post from HackRead.com Read the original post: Attackers using fake Cloudflare DDoS protection popups to distribute malware

Microsoft Exchange Server ChainedSerializationBinder Remote Code Execution

This Metasploit module exploits vulnerabilities within the ChainedSerializationBinder as used in Exchange Server 2019 CU10, Exchange Server 2019 CU11, Exchange Server 2016 CU21, and Exchange Server 2016 CU22 all prior to Mar22SU. Note that authentication is required to exploit these vulnerabilities.

Gentoo Linux Security Advisory 202208-33

Gentoo Linux Security Advisory 202208-33 - A vulnerability has been found in libcroco which could result in denial of service. Versions less than 0.6.13 are affected.

CVE-2022-2552: CVEsLab/CVE-2022-2552 at main · SecuriTrust/CVEsLab

The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.

Cryptojackers growing in numbers and sophistication

Categories: News Categories: Cryptomining Tags: Cryptojacking Tags: fileless Tags: malware Tags: LOLBins Tags: RiskWare.BitCoinMiner Tags: Trojan.BitCoinMiner Tags: c2 Tags: mining pools Probably due to rising energy costs and the volatility in crypto-currencies, we can see a rise in malicious crypto mining, aka cryptojacking. (Read more...) The post Cryptojackers growing in numbers and sophistication appeared first on Malwarebytes Labs.

A week in security (August 15 - August 21)

Categories: A week in security Categories: News The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (August 15 - August 21) appeared first on Malwarebytes Labs.