Tag: injection
-
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability … Source: www.helpnetsecurity.com/2024/09/10/cve-2024-6342/ comments: 0
-
Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors
This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of Bitcoin ATM scams exploiting older adults, providing essential tips to protect your loved ones from these devious schemes. Tune in for unique insights…
-
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls
First seen on theregister.com Jump to article: www.theregister.com/2024/08/13/who_uses_llm_prompt_injection/
-
Zyxel fixed critical OS command injection flaw in multiple routers
Taiwanese manufacturer Zyxel addressed a critical OS command injection flaw affecting multiple models of its business routers. Zyxel has released secu… First seen on securityaffairs.com Jump to article: securityaffairs.com/168020/security/zyxel-os-command-injection-flaw-cve-2024-7261.html
-
Cisco fixes root escalation vulnerability with public exploit code
Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileg… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-fixes-root-escalation-vulnerability-with-public-exploit-code/
-
Zyxel warns of critical OS command injection flaw in routers
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauth… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-os-command-injection-flaw-in-routers/
-
Airport security checks in the US bypassed via SQL injection
First seen on heise.de Jump to article: www.heise.de/news/TSA-Airport-Sicherheitskontrollen-per-SQL-Injection-ausgehebelt-9853305.html
-
CISA and FBI warn the public about OS command injection vulnerabilities
On July 10, 2024, CISA and the FBI released a new Secure by Design Alert that highlighted the dangers of OS (operating system) command injection vulne… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/cisa-fbi-warn-public-os-command-injeciton-vulnerabilities/
-
Check Point warns of SSTI attacks: more server-side template injection attacks on web and cloud services
Tags: injection Source: www.security-insider.de/steigende-gefahr-server-side-template-injection-angriffe-a-e58f737ef3ed25f20da64cd7d79bef85/ comments: 0
-
SQL Injection Attack on Airport Security
Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots an… Source: securityboulevard.com/2024/09/sql-injection-attack-on-airport-security/ comments: 0
-
TSA airport security checks circumvented via SQL injection
First seen on heise.de Jump to article: www.heise.de/news/TSA-Airport-Sicherheitskontrollen-per-SQL-Injection-ausgehebelt-9853305.html
-
AppDomain Manager Injection exploited for Cobalt Strike beacon delivery
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/appdomain-manager-injection-exploited-for-cobalt-strike-beacon-delivery
-
Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks
First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/multiple-microsoft-apps-for-macos-vuln-to-malicious-library-injection-attacks
-
Microsoft Copilot Prompt Injection Vulnerability Let Hackers Exfiltrate Sensitive Data
A security researcher revealed a critical vulnerability in Microsoft Copilot, a tool integrated into Microsoft 365, which allowed hackers to exfiltrat… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-copilot-prompt-vulnerability/
-
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for a… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/23/cve-2024-28987/
-
Slack Patches Prompt Injection Flaw in AI Tool Set
Hackers Could Exploit Bug to Manipulate Slack AI’s LLM to Steal Data. Chat app Slack patched a vulnerability in its artificial intelligence tool set t… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/slack-patches-prompt-injection-flaw-in-ai-tool-set-a-26132
-
Hackers now use AppDomain Injection to drop CobaltStrike beacons
A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-now-use-appdomain-injection-to-drop-cobaltstrike-beacons/
-
WordPress Sites Vulnerable to PHP Injection Flaw
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/wordpress-sites-vulnerable-to-php-injection-flaw
-
Microsoft Apps for macOS Exposed to Library Injection Attacks
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-apps-macos-exposed/
-
Navigating Security Threats with Return-Oriented Programming
Assistant Professor Bramwell Brizendine on Process Injection, Advanced Mitigation. Return-oriented programming continues to pose significant security … First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/navigating-security-threats-return-oriented-programming-a-26035
-
Navigating AI-Based Data Security Risks in Microsoft Copilot
Zenity’s Michael Bargury on AI Prompt Injection and Copilot Security Flaws. AI-powered tools such as Microsoft Copilot can be manipulated by attackers… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/navigating-ai-based-data-security-risks-in-microsoft-copilot-a-26021
-
Attacks on Bytecode Interpreters Conceal Malicious Injection Activity
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/attacks-on-bytecode-interpreters-conceal-malicious-injection-activity
-
New BlankBot Android Trojan Can Steal User Data
The BlankBot Android trojan exfiltrates user data, executes C&C commands, and supports custom injections, keylogging, and screen recording. The post Ne… First seen on securityweek.com Jump to article: www.securityweek.com/new-blankbot-android-trojan-can-steal-user-data/
-
Meta Prompt Guard Is Vulnerable to Prompt Injection Attacks
Researchers Add Spaces in ‘Ignore Previous Instructions’ Prompt to Bypass Security. A machine learning model that Meta released last week to prevent p… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/meta-prompt-guard-vulnerable-to-prompt-injection-attacks-a-25886
-
USENIX Security ’23 SQIRL: Grey-Box Detection of SQL Injection Vulnerabilities Using Reinforcement Learning
Authors/Presenters: Salim Al Wahaibi, Myles Foley, Sergio Maffeis Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/usenix-security-23-sqirl-grey-box-detection-of-sql-injection-vulnerabilities-using-reinforcement-learning/
-
Broadcom ships update for CVE-2024-22280: VMware Aria Automation and Cloud Foundation vulnerable to SQL injection
First seen on security-insider.de Jump to article: www.security-insider.de/broadcom-vmware-sql-injection-schwachstelle-vmware-aria-updates-a-245d38ecf6d1179fcdbe0351da56ae96/
-
Passwort episode 7: Prompt injections
This episode of the heise security podcast is about prompt injections, that is, attacks on AI-based systems against which there is no complete protection… First seen on heise.de Jump to article: www.heise.de/news/Passwort-Folge-7-Prompt-Injections-9785133.html
-
CISA and FBI Issue Alert on OS Command Injection Vulnerabilities
CISA and FBI issued a critical advisory on July 10, 2024, urging software companies to review their products and eliminate OS command injection vulner… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cisa-and-fbi-issue-alert-on-os-command-injection-vulnerabilities/