The maintainers of the vm2 JavaScript sandbox module have shipped a patch to address a critical flaw that could be abused to break out of security boundaries and execute arbitrary shellcode.
Details about the two vulnerabilities have been withheld in light of active exploitation and to prevent more threat actors from abusing them. The updates are available in iOS 16.4.1, iPadOS 16.4.1, macOS Ventura 13.3.1, and Safari 16.4.1.
The application allows both internal and external account logins and uses a JSON Web Token (JWT) for authentication that specifies an email address cleared for manually defined user accounts, security researcher Evan Connelly explains.
The cyberattack was detected on Friday evening (07-04-2023), and security measures were immediately heightened. Currently, experts are combing through the municipality’s servers to determine whether any sensitive information has been accessed.
Typhon Stealer, a crypto miner/stealer for hire, has received a new update, Palo Alto Networks disclosed. The new variant boasts enhanced anti-analysis techniques, as well as other stealing and file-grabber features. The malware leverages Telegram’s API and infrastructure to exfiltrate all stolen data.
The email states that Adobe has reset the password for the account associated with the users’ Adobe ID, as it may have been compromised in data breaches from other online services.
The critical issue, tracked as CVE-2023-1671 (CVSS score of 9.8), was identified in the warning page handler of the appliance and it could be exploited without authentication.
Hackers have released 16,000 Tasmanian education department documents on the dark web, including school children’s personal information, the state government has confirmed.
The flaw was fixed in ThingsBoard version 3.4.2 by generating a random key for every new installation or upgrade to version 3.4.2 or later. If admins can’t upgrade immediately, they can manually change the default signing key for older versions.
NoName057(16) reportedly claimed it was behind DoS attacks against the Finnish parliament’s website on Tuesday, the day the country joined NATO. The Technical Research Centre of Finland was also hacked, according to Finnish news site YLE.