21 matches found
CVE-2023-0214
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be...
Open Redirect
drupal/drupal is vulnerable to Open Redirect. The vulnerability is due to the insecure handling of the "destination" query string parameter in Drupal core and contributed modules. This allows malicious users to craft URLs that redirect unsuspecting users to third-party websites...
Class-Action Lawsuit against Google’s Incognito Mode
The lawsuit has been settled: Google has agreed to delete "billions of data records" the company collected while users browsed the web using Incognito mode, according to documents filed in federal court in San Francisco on Monday. The agreement, part of a settlement in a class action lawsuit file...
Free VPN apps turn Android phones into criminal proxies
Researchers at HUMAN’s Satori Threat Intelligence have discovered a disturbing number of VPN apps that turn users' devices into proxies for cybercriminals without their knowledge, as part of a campaign called PROXYLIB. Cybercriminals and state actors like to send their traffic through other people...
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Google-owned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC499...
Satacom delivers browser extension that steals cryptocurrency
Satacom downloader, also known as LegionLoader, is a renowned malware family that emerged in 2019. It is known to use the technique of querying DNS servers to obtain the base64-encoded URL in order to receive the next stage of another malware family currently distributed by Satacom. The Satacom...
About the security content of Safari 15.3
About the security content of Safari 15.3 This document describes the security content of Safari 15.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2021-43540
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox 95...
About the security content of Safari 14.0
About the security content of Safari 14.0 This document describes the security content of Safari 14.0. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
About the security content of Xcode 11.3
About the security content of Xcode 11.3 This document describes the security content of Xcode 11.3. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Open Redirect
Overview Versions of serve prior to 11.3.2 are vulnerable to Open Redirect. The package redirected requests to third-party websites for URLs such as localhost:5000//example.com/index. The user would be redirected to example.com. Recommendation Upgrade to version 11.3.2 or later. References...
Movie stream ebooks gun for John Wick 3 on Kindle store
We discovered a novel spam campaign over the weekend, targeting fans of John Wick on the Amazon Kindle store. The scam involves paying for what appears to be the upcoming third movie, which turns out to be a bogus ebook that goes on to hyperlink potential victims to a collection of third-party...
Google Cracks Down On Nosy Android Apps
Google is cracking down on unwanted and harmful Android apps with a new effort that will show warnings on applications and on third-party websites distributing apps that collect personal data without user consent. The effort is an expansion of the Google Safe Browsing team’s mission to enforce th...
About the security content of iCloud for Windows 7.1
About the security content of iCloud for Windows 7.1 This document describes the security content of iCloud for Windows 7.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
Automattic: Cross Domain leakage of sensitive information - Leading to Account Takeover at Instagram Brand
Product / URL https://instagram-brand.com/register/reset/?email= Description and Impact After a user clicks on the password reset link received in their inbox, the page for the password reset functionality opens. If you monitor the HTTP requests made while that page loads, you will come to...
Opera Browser Sync Service Hacked; Users' Data and Saved Passwords Compromised
Opera has reset passwords of all users for one of its services after hackers were able to gain access to one of its Cloud servers this week. Opera Software reported a security breach last night, which affects all users of the sync feature of its web browser. So, if you’ve been using Opera’s Cloud...
About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7
About the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7 This document describes the security content of AirPort Base Station Firmware Update 7.6.7 and 7.7.7. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full...
Cross-origin information leak through web workers error events — Mozilla
Security researcher Masato Kinugawa reported a cross-origin information leak through the error events in web workers. This violates same-origin policy and the leaked information could potentially be used by a malicious party to gather authentication tokens and other data from third-party websites...