Security Boulevard

AUGUST 2, 2021

A vulnerability in the open-source cdnjs CDN could have enabled cyberattacks on the 12.7% of ALL websites that rely on its JavaScript and CSS libraries, with hackers taking over systems or propagating flaws to millions of websites.

Network Security 113

Network Security 113

Security Affairs

APRIL 9, 2023

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. The developers behind the vm2 JavaScript sandbox module have addressed a critical vulnerability, tracked as CVE-2023-29017 (CVSS score 9.8), that could be exploited to execute arbitrary shellcode.

Education 68

Education Media Hacking Accountability 68

Security Affairs

APRIL 10, 2023

Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw that can lead to code execution. Cybersecurity vendor Sophos addressed three vulnerabilities in Sophos Web Appliance, including a critical flaw, tracked as CVE-2023-1671 (CVSS score of 9.8), that can lead to code execution.

Firewall 90

Firewall Education Media Hacking 90

Security Affairs

MAY 26, 2022

The vulnerabilities were reported by Manfred Paul during the Pwn2Own 2022 hacking contest that took place in Vancouver last week: CVE-2022-1802: Prototype pollution in Top-Level Await implementation CVE-2022-1529: Untrusted input used in JavaScript object indexing, leading to prototype pollution. ” reads the advisory.

Surveillance 105

Surveillance Passwords Hacking Encryption 105

Veracode Security

JULY 19, 2022

Prototypes JavaScript is a programming language based on prototypes instead of classes. This object-based inheritance provides the flexibility and efficiency that web developers favor, yet this behavior opens applications to vulnerabilities via object manipulation.

90

90

Security Affairs

APRIL 18, 2022

US CISA adds a VMware privilege escalation flaw and a Google Chrome type confusion issue to its Known Exploited Vulnerabilities Catalog. Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Engineering 133

Engineering Cybersecurity Hacking Risk 133

Security Affairs

DECEMBER 30, 2022

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. 1, that compromises WordPress websites by exploiting 30 vulnerabilities in multiple outdated plugins and themes. Newspaper Theme on WordPress Access Control (vulnerability CVE-2016-10972).

Malware 81

Malware Hacking Accountability Phishing 81

Security Affairs

MAY 4, 2023

The CVE-2023-27350 flaw is a PaperCut MF/NG Improper Access Control Vulnerability. PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of SYSTEM. ” states VulnCheck.

Education 91

Education Malware Software Cybersecurity 91

Heimadal Security

JUNE 9, 2021

A remote code execution was used by the zero-day exploit chain, therefore, being able to execute vulnerabilities in the Google Chrome V8 JavaScript engine and access the targeted systems. The post Windows 10 Targeted by PuzzleMaker Hackers appeared first on Heimdal Security Blog.

Engineering 97

Engineering Cybersecurity 97

Security Affairs

APRIL 14, 2023

Google released an emergency security update to address a zero-day vulnerability in Chrome which is actively exploited in the wild. Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue.

Education 81

Education Media Engineering Hacking 81

Security Affairs

MAY 5, 2022

Cybersecurity provider F5 released security patches to address tens of vulnerabilities affecting its products. Security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates from tens of vulnerabilities in its products. ” reads the advisory.

Authentication 77

Authentication Cybersecurity Hacking Information Security 77

eSecurity Planet

OCTOBER 25, 2022

A ransomware family targeting individual computer users is using a zero-day Windows bug to infect users, ANALYGENCE senior vulnerability analyst Will Dormann has found. While it first spread largely through MSI and.exe files, the HP researchers noted that starting in September 2022, Magniber was distributed using JavaScript files.

Ransomware 108

Ransomware Antivirus Accountability Malware 108

Malwarebytes

SEPTEMBER 14, 2021

Google announced on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. Readers should note that other popular browsers such as Brave and Edge are also Chromium-based and therefore likely to be vulnerable to these flaws too.

Engineering 133

Engineering Marketing 133

Security Affairs

APRIL 19, 2023

The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023. The vulnerability is a Type Confusion issue that resides in the JavaScript engine V8.

Education 88

Education Media Engineering Hacking 88

Security Affairs

APRIL 15, 2022

Google Chrome 100.0.4896.127 addresses a new high-severity zero-day vulnerability tracked as CVE-2022-1364, actively exploited by threat actors in the wild. Shane Huntley, Google’s Threat Analysis Group chief, highlighted that the flaw was quicky addressed by the company. Another Chrome 0day (CVE-2022-1364) in the wild found by @_clem1.

Engineering 86

Engineering Hacking Cybersecurity Information Security 86

eSecurity Planet

NOVEMBER 16, 2021

HTML smuggling is an evasive technique that uses legitimate HTML5 or JavaScript features to make its way past firewalls and other security technologies. For example, disabling JavaScript could mitigate HTML smuggling created using JavaScript Blobs,” the researchers wrote. Leveraging HTML5 and JavaScript.

Firewall 121

Firewall Ransomware Banking Malware 121

Security Affairs

APRIL 22, 2019

The popular jQuery JavaScript library is affected by a rare prototype pollution vulnerability that could allow attackers to modify a JavaScript object’s prototype. The impact of the issue could be severe considering that the jQuery JavaScript library is currently used on 74 percent of websites online, most sites still use the 1.x

Advertising 104

Advertising Hacking 104

Security Affairs

MAY 24, 2022

Threat actors behind web skimming campaigns are using malicious JavaScript to mimic Google Analytics and Meta Pixel scripts to avoid detection. The experts also observed compromised web applications injected with malicious JavaScript masquerading as Google Analytics and Meta Pixel (formerly Facebook Pixel) scripts. Pierluigi Paganini.

Hacking 72

Hacking eCommerce Cybersecurity Information Security 72

Pen Test Partners

MAY 2, 2024

The LUCKY13 attack was a vulnerability and tied attack identified in February 2013 by AlFardan and Paterson of the Royal Holloway, University of London and given CVE-2013-0169. Caveat: roll your own, or legacy versions may be vulnerable. What is it? Why is it reported?

Risk 63

Risk Software Authentication Internet 63

Security Affairs

OCTOBER 12, 2023

It exploits 30 vulnerabilities in a number of plugins and themes for this platform. If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted webpages are injected with malicious JavaScripts.” ” Sucuri states that in recent attacks, the threat actors targeted vulnerable tagDiv’s premium themes. .

Malware 112

Malware Hacking Accountability Cybercrime 112

Security Affairs

APRIL 22, 2022

Experts disclose an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. The vulnerability is a stored cross-site scripting (XSS) issue that impacts RainLoop version 1.16.0, Upon opening the email, a hidden JavaScript payload is executed in the browser.

Passwords 79

Passwords Hacking Software Cybersecurity 79

Security Boulevard

MARCH 28, 2022

On Friday, March 25, 2022, Google released an out-of-cycle emergency update for Chrome, tracked as CVE-2022-1096 regarding a high-severity vulnerability in the Chrome V8 JavaScript engine. What happened? The attack was…. The post Google Chrome Zero-Day Attack: What You Need to Know appeared first on Nuspire.

Engineering 98

Engineering Software 98

Security Affairs

JUNE 13, 2022

Ukraine’s Computer Emergency Response Team (CERT) warns that the Russia-linked Sandworm APT group may exploit the Follina RCE vulnerability. ” Upon opening the document it will load the HTML-file and execute JavaScript code, which, in turn, will download and execute the EXE-file “2.txt”, Pierluigi Paganini.

Media 92

Media Government Hacking Cybersecurity 92

Security Affairs

NOVEMBER 28, 2021

In mid-2020, ZINC hackers created Twitter profiles for fake security researchers that were used to retweet security content and posting about vulnerability research. Attackers used Twitter profiles for sharing links to a blog under their control ( br0vvnn[.]io eXplorer.

Malware 122

Malware Phishing Antivirus Hacking 122

The Last Watchdog

APRIL 5, 2021

These technologies help check the source code for vulnerabilities that could be exploited by attackers in a production environment. However, finding and fixing those vulnerabilities is still not enough to guarantee end-to-end protection of the source code – there is still one key missing piece. About the essayist.

Technology 164

Technology Threat Detection Mobile Marketing 164

Malwarebytes

DECEMBER 15, 2023

In this blog post, we share details about this new campaign along with indicators of compromise. Users are tricked to download a zip archive containing a malicious JavaScript. They perform fingerprinting via JavaScript to determine, among other things, if the user is running a virtual machine.

Social Engineering 125

Social Engineering Engineering Malware Marketing 125

Troy Hunt

MARCH 31, 2021

However, it's now owned by me and it's just sitting there doing pretty much nothing other than serving a little bit of JavaScript. I'll come back to that shortly, let's return to the business model of Coinhive: So, instead of serving ads you put a JavaScript based cryptominer on your victi. So, what could I do with JavaScript?

Technology 363

Technology Mobile Internet Internet 363

Security Boulevard

MAY 21, 2021

is a popular open-source JavaScript framework for building single-page applications and user interfaces. XSS is a major problem, especially with apps built using front-end JavaScript frameworks, so many options include XSS protection. Use a SAST tool to find the vulnerabilities present in your application. Conclusion.

Software 89

Software 89

Hacker Combat

OCTOBER 10, 2022

Vm2, a JavaScript sandbox package that receives more than 16 million downloads each month, provides the synchronous execution of untrusted code within a single process. was released, fixing the SandBreak vulnerability , but up until now, technical information on the flaw has been withheld. to escape the sandbox.” ” Node.js

Engineering 109

Engineering Software Risk 109

Security Affairs

JANUARY 29, 2021

Microsoft, like Google TAG, observed a cyber espionage campaign aimed at vulnerability researchers that attributed to North Korea-linked Zinc APT group. Researchers from Microsoft monitored a cyber espionage campaign aimed at vulnerability researchers and attributed the attacks to North Korea-linked Zinc APT group. eXplorer.

Malware 112

Malware Antivirus Hacking Accountability 112

Security Affairs

MAY 12, 2022

Cybersecurity researchers from Sucuri uncovered a massive campaign that compromised thousands of WordPress websites by injecting malicious JavaScript code that redirects visitors to scam content. The infections automatically redirect site visitors to third-party websites containing malicious content (i.e. ” concludes the report.

Hacking 87

Hacking Scams Phishing Cybersecurity 87

Security Affairs

APRIL 15, 2022

Threat actors are targeting Ukrainian government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite (CVE-2018-6882). Ukraine’s CERT (CERT-UA) warns of threat actors that are targeting government organizations with exploits for XSS vulnerabilities in Zimbra Collaboration Suite ( CVE-2018-6882 ).

Phishing 80

Phishing Government Accountability Hacking 80

Security Affairs

APRIL 30, 2022

The attackers took control of the equipment in question by exploiting cyber security vulnerabilities, respectively the lack of cyber security measures and used them as a vector of attack on sites in Romania.” ” reads the announcement published by the Romanian Intelligence Service. To nominate, please visit:? Pierluigi Paganini.

DDOS 84

DDOS Banking Government Cyber Attacks 84

Malwarebytes

JANUARY 24, 2022

In this blog, we will review the attack and tie it back to a previous campaign that is attributed to Magecart Group 12. We already have informed Segway so that they can fix their site, but are publishing this blog now in order to raise awareness. Our web protection team recently identified a web skimmer on Segway’s online store.

128

128

Security Boulevard

MARCH 1, 2022

The most common vulnerabilities to look out for in Angular and React applications: template injection, XSSI, authentication bypass, and more. Thankfully, most real-life vulnerabilities share the same root causes. The use of every language, framework, or environment exposes the application to a unique set of vulnerabilities.

Authentication 52

Authentication Banking Phishing Passwords 52

Security Affairs

MAY 6, 2023

A reflected cross-site scripting vulnerability is the Advanced Custom Fields plugin for WordPress exposed over 2 million sites to hacking. Assetnote researchers discovered a reflected cross-site scripting vulnerability, tracked as CVE-2023-29489 (CVSS score: 6.1), in the Advanced Custom Fields plugin for WordPress. 11.102.0.31

Authentication 95

Authentication Hacking Engineering Cybersecurity 95

Security Affairs

JULY 9, 2019

Lodash is a JavaScript library which provides utility functions for common programming tasks using the functional programming paradigm. Liran Tal, a developer advocate at Snyk, discovered a high-severity prototype pollution vulnerability, tracked as CVE-2019-10744, that affects all versions of L odash. ” wrote the expert.

Advertising 63

Advertising Engineering Hacking Software 63