Ukraine's CERT Thwarts APT28's Cyberattack on Critical Energy Infrastructure
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday said it thwarted a cyber attack against an unnamed critical energy infrastructure facility in the country. The intrusion, per the agency, started with a phishing email containing a link to a malicious ZIP archive that activates th...
CVE-2023-37829
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter...
CVE-2023-37828
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter...
CVE-2023-37827
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter...
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv, events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.
...
General Solutions Steiner CASE 3 Taskmanagement Cross-Site Scripting Vulnerability
General Solutions Steiner CASE 3 Taskmanagement is an application from General Solutions Steiner, Austria. A security vulnerability exists in General Solutions Steiner CASE 3 Taskmanagement version V3.3. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a...
Internet Bug Bounty: CVE-2023-40195: Apache Airflow Spark Provider Deserialization Vulnerability RCE
Apache Airflow Spark Provider before 4.1.3 was affected by a deserialization vulnerability that allowed remote code execution (RCE). Attackers could exploit this vulnerability by configuring a malicious Spark server address through the Airflow UI, which would then manipulate the PySpark clients...
CVE-2023-0238
Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task...
China-Linked Flax Typhoon Cyber Espionage Targets Taiwan's Key Sectors
A nation-state activity group originating from China has been linked to cyber attacks on dozens of organizations in Taiwan as part of a suspected espionage campaign. The Microsoft Threat Intelligence team is tracking the activity under the name Flax Typhoon, which is also known as Ethereal Panda...
FreeBSD : electron25 -- multiple vulnerabilities (5999fc39-72d0-4b99-851c-ade7ff7125c3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5999fc39-72d0-4b99-851c-ade7ff7125c3 advisory. - Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to...
Android Manifest Misconfiguration Leading to Task Hijacking
Description Task hijacking allows malicious apps to inherit permissions of vulnerable apps and is usually used for phishing login credentials of victims. This vulnerability applies to all Android versions before Android 11. Steps To Reproduce: 1. Victim installs malicious app 1. Victim starts...
Bots Are Better than Humans at Solving CAPTCHAs
Interesting research: "An Empirical Study & Evaluation of Modern CAPTCHAs": Abstract: For nearly two decades, CAPTCHAS have been widely used as a means of protection against bots. Throughout the years, as their use grew, techniques to defeat or bypass CAPTCHAS have continued to improve. Meanwhile...
SUSE CVE-2023-38898
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in whi...
Malicious code in school-task-tester (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 68ee519ca1ab3166481b83f77e489872146bf1fb26bfe3678f16da5e5aa169a0 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
MAL-2023-7940 Malicious code in school-task-tester (npm)
--- -= Per source details. Do not edit below this line.=- Source: checkmarx 68ee519ca1ab3166481b83f77e489872146bf1fb26bfe3678f16da5e5aa169a0 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
CVE-2023-38898
An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the asyncio._swap_current_task component. NOTE: this is disputed by the vendor because (1) neither 3.7 nor any other release is affected (it is a bug in some 3.12 pre-releases); (2) there are no common scenarios in whi...
Python cpython Security Vulnerabilities
cpython is the Python Foundation's Python interpreter implemented in the C language. A security vulnerability exists in version 3.7 of cpython that stems from a crash due to improper reference counting in the asyncio._swap_current_task module...
PSF-2023-7 Reference count issue in _asyncio._swap_current_task()
An issue in Python CPython 3.12.0b1 allows an attacker to obtain sensitive information via the asyncio._swap_current_task component...
macOS Ventura Background Task Flaws Can Be Exploited for Malware
By Habiba Rashid. Renowned Mac security researcher Patrick Wardle recently unveiled potential weaknesses within Apple's macOS Ventura, shedding light on vulnerabilities… This is a post from HackRead.com. Read the original post: macOS Ventura Background Task Flaws Can Be Exploited for Malware...