
524 matches found

OSV
added 2020/04/01 6:15 p.m. | 1 view

CVE-2020-3917

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks...

CVSS 5.5 | AI score 6 | EPSS 0.00309
Exploits 0 | References 3
Prion
added 2020/04/01 6:15 p.m. | 19 views

Code injection

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks...

CVSS 2.1 | AI score 6 | EPSS 0.00309
Exploits 0 | References 3 | Affected Software 4
Cvelist
added 2020/04/01 5:54 p.m. | 17 views

CVE-2020-3917

This issue was addressed with a new entitlement. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2. An application may be able to use an SSH client provided by private frameworks...

AI score 6.2 | EPSS 0.00309
Exploits 0 | References 3
ThreatPost
added 2020/03/18 9:22 p.m. | 192 views

WordPress, Apache Struts Attract the Most Bug Exploits

WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting (XSS) as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed...

AI score 7.7
Exploits 0 | References 6
ThreatPost
added 2020/03/18 9:22 p.m. | 109 views

WordPress, Apache Struts Attract the Most Bug Exploits

WordPress and Apache Struts vulnerabilities were the most-targeted by cybercriminals in web and application frameworks in 2019 – while input-validation bugs edged out cross-site scripting (XSS) as the most-weaponized weakness type. That’s according to the RiskSense Spotlight Report, which analyzed...

AI score 7.7
Exploits 0 | References 6
Schneier on Security
added 2020/03/18 12:45 p.m. | 24 views

The Insecurity of WordPress and Apache Struts

Interesting data: A study that analyzed all the vulnerability disclosures between 2010 and 2019 found that around 55% of all the security bugs that have been weaponized and exploited in the wild were for two major application frameworks, namely WordPress and Apache Struts. The Drupal content...

AI score 0.6
Exploits 0
pentestit
added 2020/02/23 4:11 a.m. | 54 views

UPDATE: FudgeC2 0.5.4

FudgeC2 0.5.4 was released recently. As you may remember, this awesome adversary emulation system was listed in my older post titled – List of Open Source C2 Post-Exploitation Frameworks. This newer version brings in refactored code, improvements to the stager, bug fixes among other changes...

AI score 3.3
Exploits 0
Tenable Nessus
added 2019/12/31 12:0 a.m. | 27 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : kdelibs Vulnerability (NS-SA-2019-0254)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kdelibs packages installed that are affected by a vulnerability: - In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates ...

CVSS 7.8 | AI score 7.6 | EPSS 0.02605
Exploits 1 | References 2
Qualys Blog
added 2019/12/03 9:2 p.m. | 30 views

Streamlining and Automating Compliance

There are seemingly countless regulatory and industry frameworks out there that organizations have to navigate and comply with. SOX (Sarbanes-Oxley), PCI-DSS (Payment Card Industry Data Security Standard), GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability...

AI score 0.1
Exploits 0
Tenable Nessus
added 2019/12/02 12:0 a.m. | 28 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : kdelibs Vulnerability (NS-SA-2019-0223)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kdelibs packages installed that are affected by a vulnerability: - In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates ...

CVSS 7.8 | AI score 7.6 | EPSS 0.02605
Exploits 1 | References 2
0day.today
added 2019/11/29 12:0 a.m. | 319 views

Android-Gif-Drawable Double-Free Vulnerability

A double free vulnerability in the DDGifSlurp function in decoding.c in libpl_droidsonroids_gif before 1.2.15, as used in WhatsApp for Android before 2.19.244, allows remote attackers to execute arbitrary code or cause a denial of service. CVE-2019-11932 is a vulnerability in the android-gif-drawab...

CVSS 8.8 | AI score 0.6 | EPSS 0.4453
Exploits 16
ThreatPost
added 2019/11/01 12:30 p.m. | 111 views

Android Keyboard App Could Swindle 40M Users Out of Millions

Researchers are warning users to delete a popular Android keyboard app that, once downloaded, makes unauthorized purchases of premium digital content. Google told Threatpost it has removed the app from its Google Play marketplace – but researchers say it was downloaded on at least 40 million phon...

CVSS 4.4 | AI score 7.8 | EPSS 0.012
Exploits 0 | References 10
ThreatPost
added 2019/09/05 9:7 p.m. | 80 views

Joker Spyware Found in 24 Google Play Apps

A new spyware has been making the rounds in Android apps on Google Play, infecting victims post-download to steal their SMS messages, contact lists and device information. In addition to stealing victims’ information, the malware also stealthily signs them up for premium service subscriptions tha...

Exploits 0 | References 14
OpenVAS
added 2019/08/14 12:0 a.m. | 20 views

Fedora Update for kf5-kconfig FEDORA-2019-48b691092f

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.7 | EPSS 0.02605
Exploits 1 | References 2
Fedora
added 2019/08/13 1:3 a.m. | 24 views

[SECURITY] Fedora 30 Update: kf5-kconfig-5.59.0-1.fc30.1

KDE Frameworks 5 Tier 1 addon with advanced configuration system made of two parts: KConfigCore and KConfigGui...

CVSS 7.8 | AI score 1.9 | EPSS 0.02605
Exploits 1
RedhatCVE
added 2019/08/12 11:24 a.m. | 36 views

CVE-2019-14744

A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would...

CVSS 8.8 | AI score 3.2 | EPSS 0.02605
Exploits 1 | References 3
Tenable Nessus
added 2019/08/12 12:0 a.m. | 28 views

FreeBSD : KDE Frameworks -- malicious .desktop files execute code (f5f0a640-bae8-11e9-bb3a-001e2a3f778d)

The KDE Community has released a security announcement : The syntax Key[$e]=$(shell command) in .desktop files, .directory files, and configuration files (typically found in ~/.config) was an intentional feature of KConfig, to allow flexible configuration. This could however be abused by malicious peopl...

CVSS 7.8 | AI score 7.4 | EPSS 0.02605
Exploits 1 | References 3
CNVD
added 2019/08/12 12:0 a.m. | 1 view

KDE Frameworks KConfig Execution Command Vulnerability

KDE Frameworks is a collection of technical base libraries and software frameworks for KDE applications from the KDE community. kConfig is one of the high-level configuration systems, which is mainly used to manage configurations in KDE Frameworks and generate configuration files. A security...

CVSS 7.8 | AI score 7.3 | EPSS 0.02605
Exploits 1 | References 1
NVD
added 2019/08/07 3:15 p.m. | 16 views

CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...

CVSS 7.8 | AI score 7.7 | EPSS 0.02605
Exploits 1 | References 18
OSV
added 2019/08/07 3:15 p.m. | 1 view

DEBIAN-CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...

CVSS 7.8 | AI score 8 | EPSS 0.02605
Exploits 1 | References 1