CVE-2024-21483
Siemens CVE-2024-21483 affects SENTRON 7KM PAC3x20 devices (PAC3120/3220, AC/DC and DC variants) with firmware versions from around V3.2.3 up to, but not including, V3.3.0. The root cause is improper read-out protection of internal flash at end of manufacturing, enabling a physically proximate attacker to read data from...
IBM DS8900F HMC License Issue Vulnerability
The IBM DS8900F HMC is an enterprise-class disk storage system from International Business Machines (IBM) for storing and managing large-scale enterprise data. The IBM DS8900F HMC suffers from an authorization issue vulnerability that can be exploited by an attacker to bypass authentication...
CVE-2024-23281
CVE-2024-23281 affects macOS Sonoma prior to 14.4, with the issue described as a state-management bug that could allow an unprivileged app to access sensitive user data. The vulnerability is fixed in macOS Sonoma 14.4. The available sources consistently frame the impact as privacy-related data ex...
[SECURITY] Fedora 40 Update: jzlib-1.1.3-30.fc40
zlib is designed to be a free, general-purpose, legally unencumbered -- that is, not covered by any patents -- lossless data-compression library for use on virtually any computer hardware and operating system. zlib was written by Jean-loup Gailly (compression) and Mark Adler (decompression)...
CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices
Today, CISA and the National Security Agency (NSA) released five joint Cybersecurity Information Sheets (CSIs) to provide organizations with recommended best practices and/or mitigations to improve the security of their cloud environments. Use Secure Cloud Identity and Access Management Practices Use...
BIT-LIBMEMCACHED-2023-27478 Disclosure of unrelated data in libmemcached-awesome
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. libmemcached could return data for a previously requested key, if that previous request timed out due to a low POLLTIMEOUT. This issue has been addressed in version 1.1.4. Users are advised to upgrade...
CVE-2024-25091
A protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.211013 when using the 'VirusChecker' or 'ThreatChecker' feature, and in RevoWorks Browser prior to 2.2.95 when using the 'VirusChecker' or 'ThreatChecker' feature. If data containing malware is saved in a specific file format...
Navigating the Waters of Generative AI
Part I: The Good and the Bad of AI. Few would argue that 2023 was the year AI, specifically generative AI (Gen AI) like ChatGPT, was discussed everywhere. In October, Forrester published a report about how security tools will leverage AI. The findings in that report showed that Gen AI would augment...
CVE-2024-1650
CVE-2024-1650: the WordPress Categorify plugin (up to 1.0.7.4) suffers from missing authorization in categorifyAjaxRenameCategory, enabling authenticated users with subscriber+ rights to rename categories. PatchStack notes vulnerability in versions
A Comprehensive Assessment of the General Personal Data Protection Law (LGPD)
Most nations need to protect sensitive data for any number of reasons. Assuring legal compliance, protecting national security, preventing abuse and prejudice, improving global competitiveness, and upholding ethical standards are all vital requirements. Data privacy enhances the safety, security,...
Healthcare Needs Risk-Based Cybersecurity for Comprehensive, Effective Protection
In the first blog post of this three-blog series, we discussed the extraordinarily powerful “perfect storm” of cyber risk faced by healthcare organizations. The second blog post reviews how data security risks persist despite HIPAA compliance. In this third blog, we will discuss how to get starte...
CVE-2024-23124
The CVE-2024-23124 issue affects Autodesk AutoCAD via ASMIMPORT228A.dll when parsing STP files, causing an Out-of-Bounds Write that can crash, corrupt data, or allow arbitrary code execution in the current process. Public sources (e.g., ZDI) describe this as a remote code execution vulnerability ...
Dell EMC AppSync Log Information Disclosure Vulnerability
Dell EMC AppSync is a replication data management software from Dell, Inc. It provides an SLA-driven, simple self-service approach to protecting, recovering, and cloning critical Microsoft and Oracle applications as well as VMware environments. A log information disclosure vulnerability exists in...
Fedora: Security Advisory for syncthing (FEDORA-2024-b93312a597)
The remote host is missing an update for the syncthing package announced via the FEDORA-2024-b93312a597 advisory (Greenbone AG advisory text, licensed GPL-2.0-only; some text descriptions are excerpted from referenced sources and remain Copyright (C) of the respective right holders)...
[updated] Vibrator virus steals your personal information
I know that some of you are expecting a post similar to that about a toothbrush botnet, but this is not a hypothetical case. It actually happened. A Malwarebytes Premium customer started a thread on Reddit saying we had blocked malware from trying to infect their computer after they connected a...
CVE-2023-42823
CVE-2023-42823 affects Apple platforms (iOS/iPadOS/watchOS/macOS/tvOS). The issue arises from log sanitization that still allows an app to access user-sensitive data via log entries. Affected versions include iOS 16.7.2 and 17.1, iPadOS 16.7.2 and 17.1, watchOS 10.1, tvOS 17.1, macOS Sonoma 14.1, m...
[SECURITY] Fedora 38 Update: syncthing-1.27.3-1.fc38
Syncthing replaces other file synchronization services with something open, trustworthy and decentralized. Your data is your data alone and you deserve to choose where it is stored, if it is shared with some third party and how it's transmitted over the Internet. Using syncthing, that control is...
CVE-2024-21678
CVE-2024-21678 is a stored XSS vulnerability in Atlassian Confluence Data Center and Server introduced in 2.7.0. An authenticated attacker can inject HTML/JavaScript that runs in a victim’s browser, with high confidentiality impact, low integrity impact, no availability impact, and no user intera...
CVE-2023-50923
In QUIC in RFC 9000, the Latency Spin Bit specification section 17.4 does not strictly constrain the bit value when the feature is disabled, which might allow remote attackers to construct a covert channel with data represented as changes to the bit value. NOTE: The "Sheridan, S., Keane, A. 2015...
CVE-2024-25981
CVE-2024-25981 affects Moodle: Separate Groups mode restrictions were not honored during a forum export, causing data from all groups to be exported. By default this granted additional access to non-editing teachers. The connected documents confirm this is a Moodle forum export behavior issue; no...