Author: Goobuntu

VMware has been reported with a SAML token signature bypass vulnerability, which a threat actor can exploit to perform VMware Guest operations. A CVE ID has been assigned for this vulnerability, and the severity was mentioned as 7.5 (High). VMware tools are a set of modules and services for enabling several services in VMware products, which help better manage guest operating systems and flawless user interactions between the host and the guest operating system. VMware tools also can pass messages from the Host to the Guest operating system. However, VMware has released a security advisory for addressing this vulnerability. An attacker with a…

RSS feeds are extremely useful, as they let you perform a digital tap on the shoulder of your subscribers whenever you publish new content. But what if you could turn that tap into a personalized handshake? By customizing your RSS feeds, you can add special messages, custom links, and even promotional offers. This guide explains how to create a WordPress custom RSS feed. Discussion: are RSS feeds still relevant? Read on to find out. When it comes to fine-tuning your WordPress RSS feed, options are abundant, but they’re not equally straightforward. Sure, you could delve into the backend and tweak…

Urbit is a cloud-based operating system (OS) that aims to create a decentralized space for content creation and socialization. Unlike a traditional OS, Urbit works by bootstrapping from an existing Linux distribution. This makes it easy to use and approachable even for novice users. This article will guide you through the process of installing Urbit on Ubuntu. It will also highlight how to install additional Urbit applications in your Landscape interface. Why Use Urbit? At its core, Urbit is an attempt at building a full-stack alternative to modern web apps from first principles. This includes the applications, networking as well…

Splunk Enterprise has multiple vulnerabilities that can lead to Cross-site Scripting (XSS), Denial of Service (DoS), Remote code execution, Privilege Escalation, and Path Traversal. The severities of these vulnerabilities range from 6.3 (Medium) to 8.8 (High). Splunk has addressed these vulnerabilities and has released security advisories for patching them. CVE-2023-40592: Reflected Cross-site Scripting (XSS). An attacker can exploit this vulnerability by sending a crafted web request on the “/app/search/table” endpoint leading to the execution of arbitrary commands on the Splunk Platform. This vulnerability exists due to improper input validation. The CVSS score for this vulnerability is given as 8.4 (High). CVE-2023-40593: Denial of…

Cisco released a fix for the medium impact vulnerability found on CommPilot Application Software, allowing cross-site scripting against the user interface. The Cisco BroadWorks CommPilot Application allows authenticated users to upload configuration files on the platform. The lack of file validation and broken access control on the vulnerable upload servlet allows any authenticated user to upload a file, which could be abused to run arbitrary code on the server. Cisco’s BroadWorks Application Delivery Platform, BroadWorks Application Server (AS), and BroadWorks Xtended Services Platform (XSP) are affected by this vulnerability. Vulnerability in detail: The latest update for the Cisco BroadWorks CommPilot Application Software Cross-Site Scripting Vulnerability…

Windows 10 and Windows 11 have had their share of problems. The operating system had over 1200 security vulnerabilities just in 2022. Microsoft quickly moves in to fix many of these security holes in the system, so it’s essential to stay up to date. Yet, Windows updates can bring their own problems. This guide shows what to do when an update does more harm than good. Note: if a problem here is marked as “FIXED,” it means Microsoft has rolled out an update that fixes the problem, and the solution is simply to make sure your system is fully updated.…

In a shocking turn of events, Paramount Media recently fell victim to a significant data breach, leading to the unauthorized access of user personal information. Paramount Media Networks (founded as MTV Networks in 1984 and known under this name until 2011) is an American mass media division of Paramount Global that oversees the operations of many of its television channels and online brands. The company’s brands include CBS, BET, Comedy Central, Paramount+, Pluto TV, MTV, Paramount Pictures, Showtime Networks, Smithsonian Channel, and Nickelodeon. Paramount operates as a subsidiary of National Amusements Inc. The breach was discovered after attackers managed to gain access to…

Multiple vulnerabilities have been identified in ArubaOS-Switch Switches, specifically pertaining to Stored Cross-site Scripting (Stored XSS), Denial of Service (DoS), and Memory corruption. Aruba has taken measures to mitigate these vulnerabilities and has subsequently published a security advisory. ArubaOS-Switch is owned by Aruba Networks, a Hewlett Packard Enterprise subsidiary. This allows users to manage their networks from a centralized location. Aruba Networks manufactures several networking products. CVE-2023-39266: Unauthenticated Stored Cross-Site Scripting. This vulnerability exists in the web management interface on ArubaOS-Switch which could allow an unauthenticated threat actor to exploit a Stored XSS attack. This attack can be conducted against a user of…

Qakbot (aka QBot, Pinkslipbot) is a sophisticated banking Trojan malware that can spread through various methods. Once installed on a system, Qakbot can collect: Login credentials. Intercept online banking transactions. Gain remote control over the infected computer. The FBI, along with the Justice Department, led a multinational operation to dismantle the complete infrastructure of the Qakbot malware and botnet on August 29. In this joint operation, ransomware and cybercriminal activities were actively targeted across seven countries that we have mentioned below: The U.S., France, Germany, The Netherlands, Romania, Latvia, The United Kingdom. Besides this, the director of the FBI, Christopher Wray, stated: “This botnet was actually one of the longest-lasting ones we’ve seen,…

Regardless of whether you’re shopping for a whole new PC or just the parts for a new one, it pays to do research. With so many different vendors selling computers these days, it can be hard to find the absolute best deal for your money. Thankfully, there are services out there that specialize in collecting data from all reputable websites and collating them. This makes for an easy-to-browse experience, where you can be sure you’re paying the lowest for the best. Here are some of the best computer price comparison websites to make your life a little easier. Tip: follow…
