5G-Schwachstellen: Mehr als 710 Handy-Modelle mit 5Ghoul verwundbar
heise Security Neben Android-Smartphones sind auch Apple iPhones für Schwachstellen in 5G-Modems anfällig. IT-Forscher haben 14 DoS-Lücken entdeckt. Read More
heise Security Neben Android-Smartphones sind auch Apple iPhones für Schwachstellen in 5G-Modems anfällig. IT-Forscher haben 14 DoS-Lücken entdeckt. Read More
heise Security Sicherheitsforscher und kriminelle Konkurrenten spekulieren über mögliche Polizeirazzien gegen die Cyberkriminellen. AlphV selber gibt sich schmallippig. Read More
The Hacker News Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. „Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims‘ personal and Read More
The Hacker News A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are „capable of working across all processes without any limitations, making them more flexible than existing process Read More
Open Source Security Posted by Peter Korsgaard on Dec 10 Hello, Talos recently published two vulnerability reports related to the hash verification of sources downloaded by Buildroot. These issues are fixed in Buildroot 2023.02.8 / 2023.08.4 / 2023.11. The reports are: https://talosintelligence.com/vulnerability_reports/TALOS-2023-1844 CVE-2023-45841,CVE-2023-45842,CVE-2023-45838,CVE-2023-45839,CVE-2023-45840 Multiple data integrity vulnerabilities exist in the package hash checking functionality… Read More
Ubuntu security notices It was discovered that tar incorrectly handled extended attributes in PAX archives. An attacker could use this issue to cause tar to crash, resulting in a denial of service. Read More
Trend Micro Research, News, Perspectives This blog entry delves into MxDR’s unraveling of the AsyncRAT infection chain across multiple cases, shedding light on the misuse of aspnet_compiler.exe, a legitimate Microsoft process originally designed for precompiling ASP.NET web applications. Read More
heise Security Nach dem Ransomware-Angriff der Erpressergruppe „Medusa“ auf Toyota Financial Services informiert das Unternehmen erste Kunden über den Datenschutzvorfall. Read More
Open Source Security Posted by Lukasz Lenart on Dec 09 Severity: moderate Affected versions: – Apache Struts 2.0.0 through 2.5.31 – Apache Struts 6.1.2.1 through 6.3.0 Description: When a Multipart request is performed but some of the fields exceed the maxStringLength limit, the upload files will remain in struts.multipart.saveDir even if the request has been…
Weiterlesen
The Hacker News Researchers from the Vrije Universiteit Amsterdam have disclosed a new side-channel attack called SLAM that could be exploited to leak sensitive information from kernel memory on current and upcoming CPUs from Intel, AMD, and Arm. The attack is an end-to-end exploit for Spectre based on a new feature in Intel CPUs called Linear Address Masking (LAM) as…
Weiterlesen