19 matches found
EUVD-2020-18460
Malware in sbrugna...
CVE-2020-25824
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within the Export Telegram Data wizard. The threat model is a victim who has voluntarily opened Export Wizard but is then distracted. An attacker then approaches the unattended desktop and pushes the Export...
How Los Angeles banned smartphones in schools (Lock and Code S06E10)
This week on the Lock and Code podcast … There's a problem in class today, and the second largest school district in the United States is trying to solve it. After looking at the growing body of research that has associated increased smartphone and social media usage with increased levels of...
Researchers Expose New Polymorphic Attack That Clones Browser Extensions to Steal Credentials
Cybersecurity researchers have demonstrated a novel technique that allows a malicious web browser extension to impersonate any installed add-on. "The polymorphic extensions create a pixel perfect replica of the target's icon, HTML popup, workflows and even temporarily disables the legitimate...
CVE-2024-8388
CVE-2024-8388 affects Mozilla Firefox for Android. A masked/overlapped notification sequence (Android Toast) used to announce fullscreen transition after the CVE-2023-6870 fix can be leveraged to spoof the browser UI. Root cause: prompts/panels from Firefox and Android OS obscuring the transition...
WordPress Reader Mode - Distraction-Free Content Reader Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Reader Mode - Distraction-Free Content Reader; Type: Plugin; Vulnerable versions: = 1.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 5a7281cdb812; Credits: Rafi...
[SECURITY] Fedora 36 Update: ghostwriter-2.1.2-1.fc36
Ghostwriter is a text editor for Markdown, which is a plain text markup format created by John Gruber. For more information about Markdown, please visit John Gruber's website at http://www.daringfireball.net. Ghostwriter provides a relaxing, distraction-free writing...
[SECURITY] Fedora 35 Update: ghostwriter-2.1.2-1.fc35
Ghostwriter is a text editor for Markdown, which is a plain text markup format created by John Gruber. For more information about Markdown, please visit John Gruber's website at http://www.daringfireball.net. Ghostwriter provides a relaxing, distraction-free writing...
How cloud data distracts businesses from correct data security practices
By Waqas. Companies are migrating to cloud-based servers to store their data. More than half of all businesses report that their data is stored in the cloud. This is a post from HackRead.com. Read the original post: How cloud data distracts businesses from correct data security practices...
Trump's TikTok Drama Is a Distraction
As the White House zeroes in on a single app, some experts say more pressing issues are going by the wayside...
SprintWork 2.3.1 Local Privilege Escalation
Exploit Title: SprintWork 2.3.1 - Local Privilege Escalation; Exploit Author: boku; Date: 2020-02-13; Vendor Homepage: https://veridium.net; Software Link: https://veridium.net/filesu/spx/exe/SprintWork-Setup.exe; Version: 2.3.1; Tested On: Windows 10 32-bit; Vulnerability Overview: SprintWork v2.3.1 x8...
NTSB Investigation of Fatal Driverless Car Accident
Autonomous systems are going to have to do much better than this. The Uber car that hit and killed Elaine Herzberg in Tempe, Ariz., in March 2018 could not recognize all pedestrians, and was being driven by an operator likely distracted by streaming video, according to documents released by the...
The Perils of Distracted Fighting
Opinion: Without proper guidelines, smartphones on the battlefield may kill more soldiers than they save...
A week in security (January 28 – February 3)
Last week, we ran another in our interview with a malware hunter series, explained a FaceTime vulnerability, and took a deep dive into a new stealer. We also threw some light on a Houzz data breach, and what exactly happened between Apple and Facebook. Other cybersecurity news: Kwik Fit hit by...
Ryuk Ransomware Attack: Rush to Attribution Misses the Point
By John Fokker · January 09, 2019. Senior analyst Ryan Sherstobitoff contributed to this report. During the past week, an outbreak of Ryuk ransomware that impeded newspaper printing services in the United States has garner...
Double Whammy: When One Attack Masks Another Attack
In some contexts, a double whammy can mean a good thing: when your favorite team wins two games in a row, when two candy bars fall from the vending machine, etc. However, in the context of cyber security, a double whammy may translate to being attacked while still reeling from the impact of anoth...
EGESPLOIT - A Golang Library For Malware Development
EGESPLOIT is a Golang library for malware development; it has a few unique functions for meterpreter integration. Documentation: CalculateChecksumx: calculates an x-digit 8-bit checksum for reverse HTTP/HTTPS meterpreter connections and returns the calculated checksum as a string...
"Warning Zombies Ahead!" - Road sign board Hacked
Drivers may have gotten a chuckle out of an electronic message board in Maine warning of zombies, but city officials were not amused. A Portland, Maine road sign is changed to a zombie warning on Wednesday, Oct. 10, 2012. It originally read "Night work 8 pm-6 am. Expect delays." An electronic...
Gary McGraw on the BSIMM4 and How to Avoid Being the Slowest Zebra
Dennis Fisher talks with Gary McGraw of Cigital about the release of the BSIMM4 data, how software security programs have matured in the last four years and how the government has become distracted by cyberwar and is ignoring software security, to its detriment. Download: digitalunderground105...