Tag: injection
-
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
in SecurityNews
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cyber… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
-
Ivanti Confirms Exploitation of an Old Critical Vuln
in SecurityNews
Remote Code Execution Bug Exploited in Limited Attacks. Ivanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endp… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ivanti-confirms-exploitation-old-critical-vuln-a-26452
-
Google Gemini for Workspace Vulnerable to Indirect Prompt Injection
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/google-gemini-for-workspace-vulnerable-to-indirect-prompt-injection
-
Gemini for Workspace susceptible to indirect prompt injection, researchers say
in SecurityNews
Tags: injection
First seen on scworld.com Jump to article: www.scworld.com/news/gemini-for-workspace-susceptible-to-indirect-prompt-injection-researchers-say
-
Prolonged spyware injection possible with ChatGPT macOS flaw
First seen on scworld.com Jump to article: www.scworld.com/brief/prolonged-spyware-injection-possible-with-chatgpt-macos-flaw
-
ChatGPT Flaw Could Lead to macOS Spyware Injection
First seen on scworld.com Jump to article: www.scworld.com/brief/chatgpt-flaw-could-lead-to-macos-spyware-injection
-
Security Firm Shows How Threat Actors Could Abuse Google’s Gemini AI Assistant
in SecurityNews
HiddenLayer has discovered that Google Gemini for Workspace is prone to indirect prompt injection attacks. The post Security Firm Shows How Threat Act… First seen on securityweek.com Jump to article: www.securityweek.com/ai-security-firm-shows-how-threat-actors-could-abuse-google-gemini-for-workspace/
-
Thread Name-Calling using Thread Name for offense
in SecurityNews
Research by: hasherezade Highlights: Introduction Process injection is one of the important techniques used by attackers. We can find its variants imple… First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2024/thread-name-calling-using-thread-name-for-offense/
-
AI Security Firm Shows How Threat Actors Could Abuse Google Gemini for Workspace
in SecurityNews
HiddenLayer has discovered that Google Gemini for Workspace is prone to indirect prompt injection attacks. The post AI Security Firm Shows How Threat … First seen on securityweek.com Jump to article: www.securityweek.com/ai-security-firm-shows-how-threat-actors-could-abuse-google-gemini-for-workspace/
-
Popular Microsoft apps for Mac at risk of code injection attacks
in SecurityNews
First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366605734/Popular-Microsoft-apps-for-Mac-at-risk-of-code-injection-attacks
-
PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
in SecurityNews
CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the at… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/17/cve-2024-8190/
-
EchoStrike: Generate undetectable reverse shells, perform process injection
in SecurityNews
EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems. "EchoStrike allo… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/16/echostrike-reverse-shells-process-injection/
-
CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability
in SecurityNews
On September 10, 2024, Ivanti released a security advisory for a command injection vulnerability for its Cloud Service Appliance (CSA) product. Initi… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-8190-investigating-cisa-kev-ivanti-cloud-service-appliance-command-injection-vulnerability/
-
Air travel: security checks bypassed via SQL injection
in SecurityNews
A pair of researchers has discovered a security vulnerability with potentially serious consequences for aviation security. Allegedly, even unauth… First seen on golem.de Jump to article: www.golem.de/news/flugverkehr-sicherheitskontrollen-per-sql-injection-umgangen-2408-188552.html
-
Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers
Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could re… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/zyxel-patches-critical-os-command.html
-
Zenity CTO on dangers of Microsoft Copilot prompt injections
in SecurityNews
Zenity’s CTO describes how hidden email code can be used to feed malicious prompts to a victim’s Copilot instance, leading to false outputs and even c… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366602358/Zenity-CTO-on-dangers-of-Microsoft-Copilot-prompt-injections
-
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vul… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/10/cve-2024-6342/
-
Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors
in SecurityNews
This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclos… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/shocking-sql-injection-in-tsa-app-bitcoin-atm-scams-targeting-seniors/
-
Who uses LLM prompt injection attacks IRL? Mostly unscrupulous job seekers, jokesters and trolls
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/08/13/who_uses_llm_prompt_injection/
-
Zyxel fixed critical OS command injection flaw in multiple routers
Taiwanese manufacturer Zyxel addressed a critical OS command injection flaw affecting multiple models of its business routers. Zyxel has released secu… First seen on securityaffairs.com Jump to article: securityaffairs.com/168020/security/zyxel-os-command-injection-flaw-cve-2024-7261.html
-
Cisco fixes root escalation vulnerability with public exploit code
in SecurityNews
Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileg… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-fixes-root-escalation-vulnerability-with-public-exploit-code/
-
Zyxel warns of critical OS command injection flaw in routers
in SecurityNews
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauth… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-os-command-injection-flaw-in-routers/
-
Airport security checks in the USA bypassed via SQL injection
in SecurityNews
First seen on heise.de Jump to article: www.heise.de/news/TSA-Airport-Sicherheitskontrollen-per-SQL-Injection-ausgehebelt-9853305.html
-
CISA and FBI warn the public about OS command injection vulnerabilities
in SecurityNews
On July 10, 2024, CISA and the FBI released a new Secure by Design Alert that highlighted the dangers of OS (operating system) command injection vulne… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/cisa-fbi-warn-public-os-command-injeciton-vulnerabilities/
-
Check Point warns of SSTI attacks: more server-side template injection attacks on web and cloud services
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/steigende-gefahr-server-side-template-injection-angriffe-a-e58f737ef3ed25f20da64cd7d79bef85/
-
SQL Injection Attack on Airport Security
in SecurityNews
Interesting vulnerability: …a special lane at airport security called Known Crewmember (KCM). KCM is a TSA program that allows pilots an… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/sql-injection-attack-on-airport-security/
-
TSA airport security checks circumvented via SQL injection
in SecurityNews
First seen on heise.de Jump to article: www.heise.de/news/TSA-Airport-Sicherheitskontrollen-per-SQL-Injection-ausgehebelt-9853305.html
-
AppDomain Manager Injection exploited for Cobalt Strike beacon delivery
in SecurityNews
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/appdomain-manager-injection-exploited-for-cobalt-strike-beacon-delivery
-
Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks
in SecurityNews
First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/multiple-microsoft-apps-for-macos-vuln-to-malicious-library-injection-attacks