SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D Sl V4.7, SINUMERIK 840D Sl V4.8 Security Vulnerabilities

Mageia: Security Advisory (MGASA-2023-0147)

The remote host is missing an update for...

LibreOffice vulnerability

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages libreoffice - Office productivity suite Details It was discovered that LibreOffice may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current...

Mageia: Security Advisory (MGASA-2023-0146)

The remote host is missing an update for...

Ubuntu 18.04 LTS / 20.04 LTS : LibreOffice vulnerability (USN-6023-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6023-1 advisory. Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code...

Thunderbird vulnerabilities

Releases Ubuntu 22.10 Ubuntu 22.04 LTS Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context,...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Thunderbird vulnerabilities (USN-6015-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6015-1 advisory. OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked...

Debian DSA-5385-1 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5385 advisory. Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. (CVE-2023-1945) A website...

Debian: Security Advisory (DSA-5385-1)

The remote host is missing an update for the...

[SECURITY] [DLA 3391-1] firefox-esr security update

Debian LTS Advisory DLA-3391-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 12, 2023 https://wiki.debian.org/LTS Package : firefox-esr Version : 102.10.0esr-1~deb10u1 CVE...

Firefox vulnerabilities

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service,...

Debian DLA-3391-1 : firefox-esr - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3391 advisory. Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. (CVE-2023-1945) A website...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox vulnerabilities (USN-6010-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6010-1 advisory. A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name...

Nokoyawa ransomware attacks with Windows zero-day

Updated April 20, 2023 In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These...

Siemens Multiple Products Out-of-bounds Write (CVE-2021-4034)

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count....

Overview of Google Play threats sold on the dark web

In 2022, Kaspersky security solutions detected 1,661,743 malware or unwanted software installers, targeting mobile users. Although the most common way of distributing such installers is through third-party websites and dubious app stores, their authors every now and then manage to upload them to...

Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack

On March 29, Crowdstrike published a report about a supply chain attack conducted via 3CXDesktopApp, a popular VoIP program. Since then, the security community has started analyzing the attack and sharing their findings. The following has been discovered so far: The infection is spread via...

Threat Source newsletter (March 30, 2023) — It’s impossible to tell if your home security camera or doorbell is truly safe

Welcome to this week's edition of the Threat Source newsletter. Everyone loves a good video of someone slipping on their icy steps in the winter, captured thanks to their home security camera or smart doorbell. But what about when that camera is just kind of chilling out and not catching the...

Selecting the right MSSP: Guidelines for making an objective decision

Managed Security Service Providers (MSSPs) have become an increasingly popular choice for organizations nowadays following the trend to outsource security services. Meanwhile, with the growing number of MSSPs in the market, it can be difficult for organizations to determine which provider will fit....

Scientific Linux Security Update : thunderbird on SL7.x x86_64 (2023:1401)

The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2023:1401-1 advisory. Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751) Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR...

Financial cyberthreats in 2022

Financial gain remains the key driver of cybercriminal activity. In the past year, we've seen multiple developments in this area – from new attack schemes targeting contactless payments to multiple ransomware groups continuing to emerge and haunt businesses. However, traditional financial threats.....

Mageia: Security Advisory (MGASA-2023-0034)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2023-0116)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2023-0111)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2023-0018)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2023-0056)

The remote host is missing an update for...

Mageia: Security Advisory (MGASA-2023-0057)

The remote host is missing an update for...

How scammers employ IPFS for email phishing

The idea of creating Web 3.0 has been around since the end of 2000s. The new version of the world wide web should repair the weak points of Web 2.0., some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment,...

Ubuntu 18.04 LTS / 20.04 LTS : Firefox regressions (USN-5954-2)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5954-2 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

Debian: Security Advisory (DLA-3368-1)

The remote host is missing an update for the...

Firefox regressions

Releases Ubuntu 20.04 LTS Ubuntu 18.04 ESM Packages firefox - Mozilla Open Source web browser Details USN-5954-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details:...

[SECURITY] [DLA 3368-1] libreoffice security update

Debian LTS Advisory DLA-3368-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucaries March 26, 2023 https://wiki.debian.org/LTS Package : libreoffice Version : 1:6.1.5-3+deb10u8 CVE...

Debian DLA-3368-1 : libreoffice - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3368 advisory. LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred...

CVE-2022-4224

In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the...

Bad magic: new APT found in the area of Russo-Ukrainian conflict

Since the start of the Russo-Ukrainian conflict, Kaspersky researchers and the international community at large have identified a significant number of cyberattacks executed in a political and geopolitical context. We previously published an overview of cyber activities and the threat landscape...

Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-060)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-060 advisory. The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which...

Debian DLA-3365-1 : thunderbird - LTS security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3365 advisory. Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751) Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752) ...

Debian: Security Advisory (DLA-3365-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5374-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-5375-1)

The remote host is missing an update for the...