Fortinet Fortigate Webproxy process DoS (FG-IR-23-184)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-184 advisory. - A use after free vulnerability CWE-416 in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiPro...

What is the dark web?

Most users interact with the internet through the web, and many of the threat actors we write about operate on the "dark web." Broadly speaking, the dark web is a small portion of the "deep web," where the deep web represents most of the Web. We know, its confusing -- lets walk through an example...

Apple watchOS security breach

Apple watchOS is a set of smartwatch operating systems from the American company Apple. Apple watchOS 10 has a security vulnerability that stems from the fact that the Apple Watch Ultra may not lock when using the Deep app...

NVIDIA DGX Input Validation Error Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in the NVIDIA DGX H100 BMC that stems from incorrect input validation...

PT-2023-36026 · Apache · Apache Lucene

Name of the Vulnerable Software and Affected Versions: Apache Lucene affected versions not specified Description: A security exception crash has been reported in Apache Lucene. The crash occurs in the org.apache.lucene.util.ArrayUtil.copyOfSubArray and org.apache.lucene.util.BytesRef.deepCopyOf...

Operation Rusty Flag: Azerbaijan Targeted in New Rust-Based Malware Campaign

Targets located in Azerbaijan have been singled out as part of a new campaign that's designed to deploy Rust-based malware on compromised systems. Cybersecurity firm Deep Instinct is tracking the operation under the name Operation Rusty Flag. It has not been associated with any known threat actor...

NVIDIA DGX Security Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in the NVIDIA DGX H100 BMC, which stems from a security flaw in IPMI that can be exploited by attackers to cause code execution, denial of service, privilege escalation, and...

NVIDIA DGX Input Validation Error Vulnerability

NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. The NVIDIA DGX H100 BMC suffers from an input validation error vulnerability that stems from an input validation error vulnerability in the Web UI. An attacker could exploit this vulnerability to cause code...

CVE-2023-40779

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL...

CVE-2023-40779

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL...

CVE-2023-40779

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL...

Design/Logic Flaw

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL...

CVE-2023-40779

IceWarp Mail Server Deep Castle 2 (version 13.0.1.2) is affected by an open redirect vulnerability discovered in the Nuclei template CVE-2023-40779. A crafted URL can redirect victims to attacker-controlled domains, enabling credential-phishing risks. The connected documents consistently describe...

CVE-2023-40779

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL...

Snapchat: Intent Leads To Unauthorised Video Call Initiation Leaking Surrounding Informations Of Victim

The Snapchat Android application was found to contain a vulnerability that allowed a malicious user to initiate an unauthorized video call with a victim. The vulnerability was triggered by a deep link that, when clicked by the victim, forced the victim's Snapchat application to initiate a video...

[SECURITY] Fedora 38 Update: tinyexr-1.0.1-7.fc38

TinyEXR is a small library to load and save OpenEXR images. It supports the version 1 format and version 2 multi-part images, and it has partial support for version 2 deep images...

PT-2023-8405 · Trend Micro +1 · Trend Micro Deep Security +2

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security versions 20.0 Trend Micro Cloud One - Endpoint and Workload Security Agent affected versions not specified Description: The issue is related to a link following vulnerability in the Anti-Malware module of Trend Micro...

Qualys Tackles 2022’s Top Routinely Exploited Cyber Vulnerabilities

A unified front against malicious cyber actors is climactic in the ever-evolving cybersecurity landscape. The joint Cybersecurity Advisory CSA, a collaboration between leading cybersecurity agencies from the United States, Canada, United Kingdom, Australia, and New Zealand, is a critical guide to...

Using Machine Learning to Detect Keystrokes

Researchers have trained a ML model to detect keystrokes by sound with 95% accuracy. "A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards" Abstract: With recent developments in deep learning, the ubiquity of microphones and the rise in online services via personal devices,...

New 'Deep Learning Attack' Deciphers Laptop Keystrokes with 95% Accuracy

A group of academics has devised a "deep learning-based acoustic side-channel attack" that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy. "When trained on keystrokes recorded using the video conferencing software Zoom, an accuracy of 93% was...