31Mar
[webapps] Spitfire CMS 1.0.475 – PHP Object Injection
Spitfire CMS 1.0.475 – PHP Object Injection
30Mar
Researchers Detail Severe “Super FabriXss” Vulnerability in Microsoft Azure SFX
Details have emerged about a now-patched vulnerability in Azure Service Fabric Explorer (SFX) that could lead to unauthenticated remote code execution.
Tracked as CVE-2023-23383 (CVSS score: 8.2), the issue has been dubbed “Super FabriXss” by Orca Secu…
30Mar
Chinese RedGolf Group Targeting Windows and Linux Systems with KEYPLUG Backdoor
A Chinese state-sponsored threat activity group tracked as RedGolf has been attributed to the use of a custom Windows and Linux backdoor called KEYPLUG.
“RedGolf is a particularly prolific Chinese state-sponsored threat actor group that has likely been…
30Mar
Detecting signal amplification attacks against PKE keyless fobs
During the early hours of the morning there was an attempt to enter and presumably steal various vehicles on my street, detected well after the fact via householders reviewing CCTV motion detection alerts. There is only ever one person i…
30Mar
New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices
A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS.
Successful exploitation of t…
30Mar
MSI Dump – A Tool That Analyzes Malicious MSI Installation Packages, Extracts Files, Streams, Binary Data And Incorporates YARA Scanner
MSI Dump – a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether document is malicious…
30Mar
Cyberstorage: Leveraging the Multi-Cloud to Combat Data Exfiltration
Multi-cloud data storage, once merely a byproduct of the great cloud migration, has now become a strategy for data management. “Multi-cloud by design,” and its companion the supercloud, is an ecosystem in which several cloud systems work together to pr…
30Mar
AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services
A new “comprehensive toolset” called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers.
“The spread of AlienFox represents an unreported trend towa…
30Mar
3CX Desktop App Targeted in Supply Chain Cyber Attack, Affecting Millions of Users
3CX said it’s working on a software update for its desktop app after multiple cybersecurity vendors sounded the alarm on what appears to be an active supply chain attack that’s using digitally signed and rigged installers of the popular voice and video…
30Mar
Update now! Apple fixes actively exploited vulnerability and introduces new features
|
Categories: Apple Categories: Exploits and vulnerabilities Categories: News Tags: macOS Tags: iOS Tags: iPadOS Tags: watchOS Tags: tvOS Tags: Studio Display Tags: CVE-2023-23529 Tags: type confusion Tags: emoji Apple has released security updates and new features for several of its products, including a fix for an actively exploited vulnerability. |
The post Update now! Apple fixes actively exploited vulnerability and introduces new features appeared first on Malwarebytes Labs.
