
8745 matches found

OpenVAS
added 2024/05/27 12:0 a.m. · 17 views

Fedora: Security Advisory for php-oojs-oojs-ui (FEDORA-2024-2c564b942d)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 6.7 AI score · 0.01151 EPSS
Exploits: 6 · References: 2
HackRead
added 2024/05/25 1:31 p.m. · 22 views

Data Leak Exposes 500GB of Indian Police, Military Biometric Data

By Waqas The records belonged to two separate India-based firms, ThoughtGreen Technologies and Timing Technologies. Both provide application development, RFID technology, and biometric verification services. This is a post from HackRead.com Read the original post: Data Leak Exposes 500GB of India...

7.2 AI score
Exploits: 0
The Hacker News
added 2024/05/24 10:35 a.m. · 15 views

DevOps Dilemma: How Can CISOs Regain Control in the Age of Speed?

Introduction: The Colonial Pipeline ransomware attack (2021) and SolarWinds supply chain attack (2020) were pivotal moments in cybersecurity, starting a new challenge for Chief Information Security Officers (CISOs). These attacks highlighted the importance of collaboration between CISOs and DevOps teams...

7 AI score
Exploits: 0
BDU FSTEC
added 2024/05/24 12:0 a.m. · 4 views

The vulnerability of the Networking component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform allows an attacker to compromise data integrity.

The vulnerability of the Networking component in Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK, and the Oracle Java SE software platform is related to improper authentication. Exploiting this vulnerability can allow an attacker to compromise data integrity remotely...

3.1 CVSS · 5.8 AI score · 0.00902 EPSS
Exploits: 0 · References: 7 · Affected Software: 7
BDU FSTEC
added 2024/05/24 12:0 a.m. · 6 views

The vulnerability of the development package for integrating cloud services and communication functions in IoT devices arises from the fact that operation data is exposed beyond the buffer in memory. This allows attackers to escalate their privileges and gain unauthorized access to protected information.

The vulnerability of the development package for integrating cloud services and communication functions in IoT devices is related to the issue where operations go beyond the buffer in memory during system call processing. Exploiting this vulnerability can allow attackers to enhance their privileg...

8.5 CVSS · 5.7 AI score · 0.00771 EPSS
Exploits: 1 · References: 6 · Affected Software: 3
BDU FSTEC
added 2024/05/24 12:0 a.m. · 3 views

The vulnerability of the development package for integrating cloud services and communication functions in IoT devices. The Kalay SDK, a microprogramming software for video surveillance cameras like Owlet Cam v1 and Owlet Cam v2, has a flaw related to the failure to eliminate special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands and increase their privileges.

The vulnerability of the development package for integrating cloud services and communication functions in IoT devices is related to the failure to remove special elements used in the operating system’s command set when executing system calls like IOCTL during the unpacking of updates. Exploiting...

9 CVSS · 6.2 AI score · 0.02748 EPSS
Exploits: 1 · References: 6 · Affected Software: 3
The Hacker News
added 2024/05/23 5:33 a.m. · 14 views

The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell

Microsoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell. "Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as...

6.3 AI score
Exploits: 0
Fedora
added 2024/05/23 1:9 a.m. · 39 views

[SECURITY] Fedora 40 Update: pgadmin4-8.6-1.fc40

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world...

7.4 CVSS · 7.4 AI score · 0.00629 EPSS
Exploits: 1
FreeBSD
added 2024/05/22 12:0 a.m. · 29 views

electron28 -- multiple vulnerabilities

Electron developers report: This update fixes the following vulnerabilities: Security: backported fix for CVE-2024-4948. Security: backported fix for CVE-2024-3914. Security: backported fix for CVE-2024-4060. Security: backported fix for CVE-2024-4058. Security: backported fix for CVE-2024-4558...

9.6 CVSS · 7 AI score · 0.08875 EPSS
Exploits: 4 · References: 5
RedhatCVE
added 2024/05/20 4:38 p.m. · 19 views

CVE-2024-35986

A vulnerability was found in the Linux kernel's phy: ti: tusb1210 driver, where unregistering a power_supply device while other code holds a reference to it causes a crash. This issue happens due to a dangling reference in the tusb1210_get_online function after the power supply is removed and its...

5.5 CVSS · 6.9 AI score · 0.0021 EPSS
Exploits: 0 · References: 4
CVE
added 2024/05/20 9:47 a.m. · 90 views

CVE-2024-35986

CVE-2024-35986 affects Linux kernel code for TI/TUSB1210 charger-detect. Unregistering a power_supply while a reference remains can trigger a WARN in power_supply_unregister and leave a dangling pointer, causing a crash on tusb1210_get_online() next use. The fix limits the power_supply reference ...

5.5 CVSS · 6.8 AI score · 0.0021 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
The Hacker News
added 2024/05/20 5:47 a.m. · 15 views

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

8.2 AI score
Exploits: 0
OpenVAS
added 2024/05/20 12:0 a.m. · 34 views

SUSE: Security Advisory (SUSE-SU-2024:1675-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS · 7.3 AI score · 0.8833 EPSS
Exploits: 16 · References: 7
OpenVAS
added 2024/05/20 12:0 a.m. · 12 views

SUSE: Security Advisory (SUSE-SU-2024:1676-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8 CVSS · 9.3 AI score · 0.72648 EPSS
Exploits: 20 · References: 5
The Hacker News
added 2024/05/19 7:59 a.m. · 14 views

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target ove...

7.1 AI score
Exploits: 0
BDU FSTEC
added 2024/05/17 12:0 a.m. · 4 views

The vulnerability of the Hotspot component in the Java SE software platform and Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines allows attackers to gain access to and modify data.

The vulnerability of the Hotspot component in the Java SE software platform and the Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK virtual machines is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to gain access to and modify/add dat...

4.3 CVSS · 5.8 AI score · 0.01289 EPSS
Exploits: 0 · References: 9 · Affected Software: 8
CNNVD
added 2024/05/16 12:0 a.m. · 2 views

Intel Media SDK Security Vulnerability

Intel Media SDK is a multimedia SDK (Software Development Kit) from Intel Corporation (USA). The product is primarily used for video encoding, decoding and processing in Windows and embedded Linux applications. A security vulnerability exists in Intel Media SDK that stems from the presence of incorre...

5.9 CVSS · 5.5 AI score · 0.00239 EPSS
Exploits: 0 · References: 4
OSV
added 2024/05/15 9:15 p.m. · 4 views

CVE-2024-27243

Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access...

6.5 CVSS · 5.8 AI score · 0.00413 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/15 12:0 a.m. · 4 views

PT-2024-40057 · Ez Systems +3 · Ez Platform +4

Name of the Vulnerable Software and Affected Versions: eZ Platform and eZ Publish Legacy (affected versions not specified). Description: The issue concerns the handling of file uploads in eZ Platform and eZ Publish Legacy, potentially leading to remote code execution (RCE) if exploited. An attacker...

8.2 AI score
Exploits: 0 · References: 5
OSV
added 2024/05/14 3:22 p.m. · 1 views

UBUNTU-CVE-2024-30268

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit...

6.1 CVSS · 5.7 AI score · 0.0059 EPSS
Exploits: 0 · References: 5