Friday Squid Blogging: Influencer Accidentally Posts Restaurant Table QR Ordering Code

Schneier on Security  Another rare security + squid story: The woman—who has only been identified by her surname, Wang—was having a meal with friends at a hotpot restaurant in Kunming, a city in southwest China. When everyone’s selections arrived at the table, she posted a photo of the spread on the Chinese social media platform…

CVE-2023-49284: fish command substitution output can trigger shell expansion

Open Source Security  Posted by Alan Coopersmith on Dec 08 reports: Package: fish-shell Affected versions: < 3.6.2 Patched versions: 3.6.2 CVSS: 3.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L) CVE ID: CVE-2023-49284 Impact: fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than…

New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands

The Hacker News A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS. Of the 14 flaws – collectively called 5Ghoul (a combination of "5G" and "Ghoul") – 10…



Cyberattack in South Westphalia: Recovery Is Progressing More Slowly Than Hoped

heise Security  Affected municipalities and their residents will have to put up with restrictions for weeks to come following the devastating attack on Südwestfalen-IT.

Vulnerability Affecting Legacy VioStor NVR

QNAP Systems, Inc. – Network Attached Storage (NAS) An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploit …

Multiple Vulnerabilities in QTS and QuTS hero

QNAP Systems, Inc. – Network Attached Storage (NAS) Two buffer copy without checking size of input vulnerabilities have been reported to affect several QNAP operating system versions …

Vulnerabilities in Samba

QNAP Systems, Inc. – Network Attached Storage (NAS) Multiple vulnerabilities have been reported in Samba, which affect certain QNAP operating system versions. We have already fixed t …

N. Korean Kimsuky Targeting South Korean Research Institutes with Backdoor Attacks

The Hacker News The North Korean threat actor known as Kimsuky has been observed targeting research institutes in South Korea as part of a spear-phishing campaign with the ultimate goal of distributing backdoors on compromised systems. "The threat actor ultimately uses a backdoor to steal information and execute commands," the AhnLab Security Emergency Response Center (ASEC) said in an

OpenCMS Unauthenticated XXE Vulnerability (CVE-2023-42344)

Qualys Security Blog  OpenCms is a popular open-source Java framework developed by Alkacon Software. OpenCms provides a platform for users to design and develop web applications. The latest version of the framework is 16.0.  About CVE-2023-42344 CVE-2023-42344 is a critical vulnerability where users can execute code without authentication.  An attacker can execute malicious requests on the…