Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows attackers to excute arbitrary code via the looking glass component.
Yearly Archives: 2023
dino-0.3.2-1.fc36
FEDORA-2023-587d6a00c3
Packages in this update:
dino-0.3.2-1.fc36
Update description:
Maintenance release with fix for CVE-2023-28686 and bug fixes.
dino-0.4.2-1.fc38
FEDORA-2023-ea6b94395f
Packages in this update:
dino-0.4.2-1.fc38
Update description:
Maintenance release with fix for CVE-2023-28686 and bug fixes.
dino-0.3.2-1.fc37
FEDORA-2023-f003d8e633
Packages in this update:
dino-0.3.2-1.fc37
Update description:
Maintenance release with fix for CVE-2023-28686 and bug fixes.
Russian hacktivists deploy new AresLoader malware via decoy installers
Security researchers have started seeing attack campaigns that use a relatively new malware-as-a-service (MaaS) tool called AresLoader. The malicious program appears to be developed and used by several members of a pro-Russia hacktivist group and is typically distributed inside decoy installers for legitimate software.
Security researchers from threat intelligence firm Intel 471 first spotted AresLoader in November when it was advertised by a user with the monikers AiD Lock and DarkBLUP on Telegram and two well-known underground forums. AiD Lock is not a newcomer to malware development and was previously associated with the AiD Locker ransomware-as-a-service (RaaS) program as well as with a group called PHANTOM DEV or DeadXInject Hack.
CVE-2020-19786
File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.
Danger USB! Journalists sent exploding flash drives
If you were sent a USB stick anonymously through the post, would you plug it into your computer?
Perhaps you’ll think twice when you hear what happened to these Ecuadorian journalists.
Read more in my article on the Hot for Security blog.
China-Aligned “Operation Tainted Love” Targets Middle East Telecom Providers
The deployment of custom credential theft malware is the main novelty of the new campaign
mingw-binutils-2.39-6.fc38
FEDORA-2023-15c6e4be28
Packages in this update:
mingw-binutils-2.39-6.fc38
Update description:
Backport fix for CVE-2023-1579.
SharePoint Phishing Scam Targets 1600 Across US, Europe
Cyber-criminals used the scam to steal the credentials for various email accounts