Malicious Chrome extensions with 75M installs removed from Web Store
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million.
PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions
The point-of-sale (PoS) terminals from PAX Technology are impacted by a collection of high-severity vulnerabilities that can be weaponized by threat actors to execute arbitrary code.
The STM Cyber R&D team, which reverse engineered the Android-based devices manufactured by the Chinese firm owing to their rapid deployment in Poland, said it unearthed half a dozen flaws that allow for
The Hacker News | #1 Trusted Cybersecurity News Site
Mozilla Firefox can now secure access to passwords with device credentials
Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser’s password manager using your device’s login, including a password, fingerprint, PIN, or other biometrics […]
Notepad++ Input Validation Flaws Lead to Uncontrolled Search Path Vulnerability
Notepad++ has been found to contain an uncontrolled search path vulnerability, which could allow threat actors to make the application search an untrusted path for its resources. This vulnerability has been disclosed to Notepad++, and a patch has yet to be provided.
Notepad++ is a text editor for Windows that can also be used to open or edit code files written in various programming languages. Multiple vulnerabilities in Notepad++ were previously reported in August 2023.
CVE-2023-6401: Uncontrolled Search Path in Notepad++
This vulnerability exists in an unknown functionality of the file dbghelp.exe, which a threat actor can manipulate to search an untrusted path.
This vulnerability has been categorized under “Hijack Execution Flow” by the MITRE framework.
Notepad++ utilizes a predetermined search path to locate its resources. However, this search path can be exploited by threat actors to compromise the Confidentiality, Integrity, and Availability (CIA) triad of the system.
Attackers can target one or more locations in the specified path and gain unauthorized access to the resources.
Products affected by this vulnerability include Notepad++ versions before 8.1.
Notepad++ is yet to publish a fix and a security advisory for this report.
There has been no evidence of exploitation of this vulnerability by threat actors. The severity for this vulnerability has been given as 5.3 (Medium) by VulDB.
No additional information about this vulnerability has been reported, nor has a publicly available exploit been found.
VulDB has published a report providing additional information about this vulnerability.