About Cross Site Scripting – Roundcube Webmail (CVE-2024-37383) vulnerability

About Cross Site Scripting - Roundcube Webmail CVE-2024-37383 vulnerability. Roundcube is a web-based email client with functionality comparable to desktop email clients such as Outlook Express or Mozilla Thunderbird. The vulnerability is caused by an error in the processing of SVG elements in th...

CentOS 7 : firefox (RHSA-2020:1338)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:1338 advisory. - Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after- free. We are aware of targeted attacks in t...

N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks

Threat actors with ties to North Korea have been observed leveraging two new malware strains dubbed KLogEXE and FPSpy. The activity has been attributed to an adversary tracked as Kimsuky, which is also known as APT43, ARCHIPELAGO, Black Banshee, Emerald Sleet formerly Thallium, Sparkling Pisces,...

Android vulnerability used in targeted attacks patched by Google

Google has released patches for 46 vulnerabilities in Android, including a remote code execution RCE vulnerability that it says has been used in limited, targeted attacks. You can find your device’s Android version number, security update level, and Google Play system level in your Settings app...

Google Patches New Android Kernel Vulnerability Exploited in the Wild

Google has addressed a high-severity security flaw impacting the Android kernel that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel. "There are indications that CVE-2024-3697...

CVE-2024-39912

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found...

When spear phishing met mass phishing

Introduction Bulk phishing email campaigns tend to target large audiences. They use catch-all wordings and simplistic formatting, and typos are not uncommon. Targeted attacks take greater effort, with attackers sending personalized messages that include personal details and might look more like...

Cyberattack on Swedish Gambling Site During Eurovision Highlights Strategic Threats

Every year, the Eurovision Song Contest captivates millions of viewers across Europe and beyond, turning a simple music competition into a cultural phenomenon. This popularity extends to various forms of betting, with numerous gambling sites offering odds on Eurovision outcomes. Eurovision has...

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, bank...

Kaspersky Reveals Global Rise in APTs, Hacktivism and Targeted Attacks

By Waqas Kaspersky's Global Research and Analysis Team GReAT has released its latest quarterly report Q1 2024 on the advanced persistent threat APT activity, highlighting several key trends in the threat and risk environment. This is a post from HackRead.com Read the original post: Kaspersky...

Huawei EulerOS: Security Advisory for mozjs60 (EulerOS-SA-2024-1550)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Critical Update: CrushFTP Zero-Day Flaw Exploited in Targeted Attacks

Users of the CrushFTP enterprise file transfer software are being urged to update to the latest version following the discovery of a security flaw that has come under targeted exploitation in the wild. "CrushFTP v11 versions below 11.1 have a vulnerability where users can escape their VFS and...

EulerOS Virtualization 2.10.0 : mozjs60 (EulerOS-SA-2024-1531)

According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an...

EulerOS Virtualization 2.10.1 : mozjs60 (EulerOS-SA-2024-1550)

According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an...

EulerOS Virtualization 2.9.0 : mozjs60 (EulerOS-SA-2024-1473)

According to the versions of the mozjs60 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an...

Huawei EulerOS: Security Advisory for mozjs60 (EulerOS-SA-2024-1341)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for mozjs60 (EulerOS-SA-2024-1319)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP10 : mozjs60 (EulerOS-SA-2024-1341)

According to the versions of the mozjs60 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable cras...

EulerOS 2.0 SP10 : mozjs60 (EulerOS-SA-2024-1319)

According to the versions of the mozjs60 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable cras...

CVE-2024-26138

The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document Licenses.Code.LicenseJSON that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information...