Mirai Botnet Variant 'Pandora' Hijacks Android TVs for Cyberattacks

A Mirai botnet variant called Pandora has been observed infiltrating inexpensive Android-based TV sets and TV boxes and using them as part of a botnet to perform distributed denial-of-service DDoS attacks. Doctor Web said the compromises are likely to occur either during malicious firmware update...

Oracle Linux 7 : qemu (ELSA-2018-4289)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4289 advisory. - net: ignore packet size greater than INTMAX Jason Wang Orabug: 28763782 CVE-2018-17963 - pcnet: fix possible buffer overflow Jason Wang Orabug:...

New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs

By Deeba Ahmed FortiGuard Discovers Phishing Campaign Distributing New Agent Tesla Variant to Windows Devices. This is a post from HackRead.com Read the original post: New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs...

New Chae$4 Malware Steals Login, Financial Data from Businesses

By Habiba Rashid Meet Chae$4 malware: the new and even harder-to-detect variant of the infamous Chaes malware. This is a post from HackRead.com Read the original post: New Chae$4 Malware Steals Login, Financial Data from Businesses...

New Python Variant of Chaes Malware Targets Banking and Logistics Industries

Banking and logistics industries are under the onslaught of a reworked variant of a malware called Chaes. "It has undergone major overhauls: from being rewritten entirely in Python, which resulted in lower detection rates by traditional defense systems, to a comprehensive redesign and an enhanced...

Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors. Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitatin...

EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2023-2541)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform...

New NodeStealer Variant Targeting Facebook Business Accounts and Crypto Wallets

Cybersecurity researchers have unearthed a Python variant of a stealer malware NodeStealer that's equipped to fully take over Facebook business accounts as well as siphon cryptocurrency. Palo Alto Networks Unit 42 said it detected the previously undocumented strain as part of a campaign that...

The vulnerability of the Variant Management component in the SAP UI5 software platform, related to the lack of measures for cleaning incoming data, allows attackers to execute cross-site scripting attacks (Stored XSS).

The vulnerability of the Grantor Management component in the SAP CRM ABAP integration module for managing customer relationships is related to the lack of measures to cleanse input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks Stored XSS...

Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-6221-1)

The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6221-1 advisory. It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a...

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2023-2383)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel through 6.3.1, a use-after-free in Netfilter nftables when processing batch requests can be abused to perform arbitrary read a...

USN-6223-1: Linux kernel (Azure CVM) vulnerabilities

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service system crash. CVE-2023-1076 It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type...

CVE-2023-2234

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host...

CVE-2023-2234

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host...

Design/Logic Flaw

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host...

CVE-2023-2234 BT HCI host union variant confusion

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host...

CVE-2023-2234

The CVE-2023-2234 entry concerns Zephyr RTOS and a Bluetooth HCI host vulnerability described as “union variant confusion” that can let a malicious Bluetooth controller execute arbitrary code on the Zephyr host. Affected component is the Bluetooth HCI host handling union variant selection; the ro...

CVE-2023-2234 BT HCI host union variant confusion

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host...

Ubuntu: Security Advisory (USN-6207-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6207-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the TUN/TAP driver in the Linux kernel did not properly initialize socket data. A local attacker could use this to cause a denial of service system crash. CVE-2023-1076 It was discovered that the Real-Time Scheduling Class implementation in the Linux kernel contained a type...