Blogs - Security



National Vulnerability Database
- CVE-2023-29753 2023-06-09: An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files.
- CVE-2023-26465 2023-06-09: Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.
- CVE-2023-3187 2023-06-09: A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been […]
- CVE-2023-29751 2023-06-09: An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
- CVE-2023-29761 2023-06-09: An issue found in Sleep v.20230303 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
- CVE-2023-34856 2023-06-09: A Cross Site Scripting (XSS) vulnerability in D-Link DI-7500G-CI-19.05.29A allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /auth_pic.cgi.
- CVE-2023-29766 2023-06-09: An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files.
- CVE-2023-32312 2023-06-09: UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization […]
- CVE-2023-29767 2023-06-09: An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause a persistent denial of service via the database files.
- CVE-2023-3141 2023-06-09: A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.
- CVE-2023-29752 2023-06-09: An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
- CVE-2023-29755 2023-06-09: An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
- CVE-2023-29756 2023-06-09: An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
- CVE-2023-29758 2023-06-09: An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
- CVE-2023-29759 2023-06-09: An issue found in FlightAware v.5.8.0 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the database files.
- CVE-2023-29749 2023-06-09: An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
- CVE-2023-29757 2023-06-09: An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
- CVE-2023-2455 2023-06-09: Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query […]
- CVE-2023-2454 2023-06-09: schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
- CVE-2023-29713 2023-06-09: Cross Site Scripting vulnerability found in Vade Secure Gateway allows a remote attacker to execute arbitrary code via a crafted payload to the GET request after the /css/ directory.
Packet Storm
- Ubuntu Security Notice USN-6152-1 2023-06-09: Ubuntu Security Notice 6152-1 - It was discovered that NFS client's access cache implementation in the Linux kernel caused a severe NFS performance degradation in certain conditions. This update makes the NFS file-access stale cache behavior optional.
- Debian Security Advisory 5422-1 2023-06-09: Debian Linux Security Advisory 5422-1 - It was discovered that jupyter-core, the core common functionality for Jupyter projects, could execute arbitrary code in the current working directory while loading configuration files.
- Movierocket 1.0 Cross Site Scripting 2023-06-09: Movierocket version 1.0 suffers from a cross site scripting vulnerability.
- Thruk Monitoring Web Interface 3.06 Path Traversal 2023-06-09: Thruk Monitoring Web Interface versions 3.06 and below are affected by a path traversal vulnerability.
- Tenshi Log Monitoring Program 0.18 2023-06-09: tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. Queues can be set to send a notification as soon as […]
- Zyxel IKE Packet Decoder Unauthenticated Remote Code Execution 2023-06-09: This Metasploit module exploits a remote unauthenticated command injection vulnerability in the Internet Key Exchange (IKE) packet decoder over UDP port 500 on the WAN interface of several Zyxel devices. The affected devices are as follows: ATP (Firmware version 4.60 to 5.35 inclusive), USG FLEX (Firmware version 4.60 to 5.35 inclusive), VPN (Firmware version 4.60 […]
- Red Hat Security Advisory 2023-3555-01 2023-06-09: Red Hat Security Advisory 2023-3555-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
- Codemonkey Multi Vendor Digital Product Mart 1.0 Cross Site Scripting 2023-06-09: Codemonkey Multi Vendor Digital Product Mart version 1.0 suffers from a cross site scripting vulnerability.
- Scriptio 1.4 Cross Site Scripting 2023-06-09: Scriptio version 1.4 suffers from a cross site scripting vulnerability.
- Ubuntu Security Notice USN-6151-1 2023-06-09: Ubuntu Security Notice 6151-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that the KVM VMX implementation in the Linux kernel did not properly handle indirect […]
- EasyAnswer 1.0.1 Cross Site Scripting 2023-06-09: EasyAnswer version 1.0.1 suffers from a cross site scripting vulnerability.
- Red Hat Security Advisory 2023-3556-01 2023-06-09: Red Hat Security Advisory 2023-3556-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
- P2S CMS 0.1 Cross Site Scripting 2023-06-09: P2S CMS version 0.1 suffers from a cross site scripting vulnerability.
- Ubuntu Security Notice USN-6150-1 2023-06-09: Ubuntu Security Notice 6150-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the […]
- MVC Shop 0.5 Directory Traversal 2023-06-09: MVC Shop version 0.5 suffers from a directory traversal vulnerability.
- PHP Live 3.1 Cross Site Scripting 2023-06-09: PHP Live version 3.1 suffers from a cross site scripting vulnerability.
- Ubuntu Security Notice USN-6149-1 2023-06-09: Ubuntu Security Notice 6149-1 - Patryk Sondej and Piotr Krysiuk discovered that a race condition existed in the netfilter subsystem of the Linux kernel when processing batch requests, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Gwangun Jung discovered that the […]
- Acelle Email Marketing 4.0.25 Arbitrary File Upload 2023-06-09: Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.
- Ubuntu Security Notice USN-6147-1 2023-06-09: Ubuntu Security Notice 6147-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
- Kesion CMS X 2.0 Add Administrator 2023-06-09: Kesion CMS X version 2.0 suffers from an unauthenticated add administrator vulnerability.
The Hacker News
- Microsoft Uncovers Banking AitM Phishing and BEC Attacks Targeting Financial Giants 2023-06-09: Banking and financial services organizations are the targets of a new multi-stage adversary-in-the-middle (AitM) phishing and business email compromise (BEC) attack, Microsoft has revealed. "The attack originated from a compromised trusted vendor and transitioned into a series of AiTM attacks and follow-on BEC activity spanning multiple organizations," the tech giant disclosed in a Thursday
- Asylum Ambuscade: A Cybercrime Group with Espionage Ambitions 2023-06-09: The threat actor known as Asylum Ambuscade has been observed straddling cybercrime and cyber espionage operations since at least early 2020. "It is a crimeware group that targets bank customers and cryptocurrency traders in various regions, including North America and Europe," ESET said in an analysis published Thursday. "Asylum Ambuscade also does espionage against government entities in Europe
- 5 Reasons Why Access Management is the Key to Securing the Modern Workplace 2023-06-09: The way we work has undergone a dramatic transformation in recent years. We now operate within digital ecosystems, where remote work and the reliance on a multitude of digital tools is the norm rather than the exception. This shift – as you likely know from your own life – has led to superhuman levels of […]
- Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks 2023-06-09: A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly-targeted espionage attacks in North Africa. "Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording, keystroke logging and stealing browser information," cybersecurity company Check Point said in a
- Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation 2023-06-08: Details have emerged about a now-patched actively exploited security flaw in Microsoft Windows that could be abused by a threat actor to gain elevated privileges on affected systems. The vulnerability, tracked as CVE-2023-29336, is rated 7.8 for severity and concerns an elevation of privilege bug in the Win32k component. "An attacker who successfully exploited this vulnerability […]
- Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021 2023-06-08: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection
- How to Improve Your API Security Posture 2023-06-08: APIs, more formally known as application programming interfaces, empower apps and microservices to communicate and share data. However, this level of connectivity doesn't come without major risks. Hackers can exploit vulnerabilities in APIs to gain unauthorized access to sensitive data or even take control of the entire system. Therefore, it's essential to have a robust […]
- Urgent Security Updates: Cisco and VMware Address Critical Vulnerabilities 2023-06-08: VMware has released security updates to fix a trio of flaws in Aria Operations for Networks that could result in information disclosure and remote code execution. The most critical of the three vulnerabilities is a command injection vulnerability tracked as CVE-2023-20887 (CVSS score: 9.8) that could allow a malicious actor with network access to achieve remote code execution. Also […]
- Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks 2023-06-08: The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. "Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The
- Barracuda Urges Immediate Replacement of Hacked ESG Appliances 2023-06-08: Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway (ESG) appliances to immediately replace them. "Impacted ESG appliances must be immediately replaced regardless of patch version level," the company said in an update, adding its "remediation recommendation at this time is full replacement of […]
- Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids' Data on Xbox 2023-06-07: Microsoft has agreed to pay a penalty of $20 million to settle U.S. Federal Trade Commission (FTC) charges that the company illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents' knowledge or consent. "Our proposed order makes it easier for parents to protect […]
- Winning the Mind Game: The Role of the Ransomware Negotiator 2023-06-07: Get exclusive insights from a real ransomware negotiator who shares authentic stories from network hostage situations and how he managed them. The Ransomware Industry Ransomware is an industry. As such, it has its own business logic: organizations pay money, in crypto-currency, in order to regain control over their systems and data. This industry's landscape is […]
- New PowerDrop Malware Targeting U.S. Aerospace Industry 2023-06-07: An unknown threat actor has been observed targeting the U.S. aerospace industry with a new PowerShell-based malware called PowerDrop. "PowerDrop uses advanced techniques to evade detection such as deception, encoding, and encryption," according to Adlumin, which found the malware implanted in an unnamed domestic aerospace defense contractor in May 2023. "The name is derived from the tool,
- New Malware Campaign Leveraging Satacom Downloader to Steal Cryptocurrency 2023-06-06: A recent malware campaign has been found to leverage Satacom downloader as a conduit to deploy stealthy malware capable of siphoning cryptocurrency using a rogue extension for Chromium-based browsers. "The main purpose of the malware that is dropped by the Satacom downloader is to steal BTC from the victim's account by performing web injections into targeted cryptocurrency […]
- Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices 2023-06-06: Thousands of adware apps for Android have been found to masquerade as cracks or modded versions of popular applications to serve unwanted ads to users as part of a campaign ongoing since October 2022. "The campaign is designed to aggressively push adware to Android devices with the purpose to drive revenue," Bitdefender said in a […]
- 5 Reasons Why IT Security Tools Don't Work For OT 2023-06-06: Attacks on critical infrastructure and other OT systems are on the rise as digital transformation and OT/IT convergence continue to accelerate. Water treatment facilities, energy providers, factories, and chemical plants — the infrastructure that undergirds our daily lives could all be at risk. Disrupting or manipulating OT systems stands to pose real physical harm to […]
- Zero-Day Alert: Google Issues Patch for New Chrome Vulnerability - Update Now! 2023-06-06: Google on Monday released security updates to patch a high-severity flaw in its Chrome web browser that it said is being actively exploited in the wild. Tracked as CVE-2023-3079, the vulnerability has been described as a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with […]
- Cyclops Ransomware Gang Offers Go-Based Info Stealer to Cybercriminals 2023-06-06: Threat actors associated with the Cyclops ransomware have been observed offering an information stealer malware that's designed to capture sensitive data from infected hosts. "The threat actor behind this [ransomware-as-a-service] promotes its offering on forums," Uptycs said in a new report. "There it requests a share of profits from those engaging in malicious activities using its malware."
- Chinese PostalFurious Gang Strikes UAE Users with Sneaky SMS Phishing Scheme 2023-06-06: A Chinese-speaking phishing gang dubbed PostalFurious has been linked to a new SMS campaign that's targeting users in the U.A.E. by masquerading as postal services and toll operators, per Group-IB. The fraudulent scheme entails sending users bogus text messages asking them to pay a vehicle trip fee to avoid additional fines. The messages also contain a shortened […]
- Zyxel Firewalls Under Attack! Urgent Patching Required 2023-06-06: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a