70 matches found
A week in security (March 23 – March 29)
Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security; Bogus Avast website fakes virus scan, installs Venom Stealer instead; Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka; GlassWorm attack installs fake browser extension for...
Scam compounds hiring “AI models” to seal the deal in deepfake video calls
Scam compounds in Southeast Asia have already become modern slave farms, trapping victims and forcing many of them to become scammers for them. Now they've added another type of worker to the mix: so-called AI models. These professional scammers conduct video calls with their targets, charming th...
Models Are Applying to Be the Face of AI Scams
Dozens of Telegram channels reviewed by WIRED include job listings for “AI face models.” The mostly women who land these gigs are likely being used to dupe victims out of their money...
EUVD-2023-42336
Malicious code in bioql PyPI...
EUVD-2023-43654
Malicious code in bioql PyPI...
EUVD-2023-42337
Malicious code in bioql PyPI...
EUVD-2023-26627
Malicious code in bioql PyPI...
EUVD-2023-34930
Malicious code in bioql PyPI...
CVE-2023-38537
A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability...
CVE-2023-38538
A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability...
CVE-2022-36934
An integer overflow in WhatsApp could result in remote code execution in an established video call...
CVE-2018-21078
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software. The Contacts application allows attackers to originate video calls because SS (Supplementary Service) and USSD (Unstructured Supplementary Service Data) codes are improperly secured. The Samsung ID is SVE-2018-11469...
Discord Introduces DAVE Protocol for End-to-End Encryption in Audio and Video Calls
Popular social messaging platform Discord has announced that it's rolling out a new custom end-to-end encrypted (E2EE) protocol to secure audio and video calls. The protocol has been dubbed DAVE, short for Discord's audio and video end-to-end encryption ("E2EE A/V"). As part of the change introduced...
January 23, 2024—KB5034204 (OS Builds 22621.3085 and 22631.3085) Preview
January 23, 2024—KB5034204 (OS Builds 22621.3085 and 22631.3085) Preview. UPDATED 2/27/24. IMPORTANT: New dates for the end of non-security updates for Windows 11, version 22H2. The new end date is June 24, 2025 for Windows 11, version 22H2 Enterprise, Education, IoT Enterprise, and Enterprise...
Design/Logic Flaw
A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending...
PT-2023-8660 · Cisco · Cisco Meeting Server
Name of the Vulnerable Software and Affected Versions: Cisco Meeting Server (affected versions not specified). Description: The issue is related to insufficient validation of HTTP requests in the Web Bridge feature of Cisco Meeting Server, which could allow an unauthenticated, remote attacker to cau...