Lucene search
K

5497 matches found

Malwarebytes
Malwarebytes
added 2024/12/16 8:19 a.m.7 views

A week in security (December 9 – December 15)

Last week on Malwarebytes Labs: Encrypted messaging service intercepted, 2.3 million messages read by law enforcement TikTok ban in US: Company seeks emergency injunction to prevent it Data brokers should stop trading health and location data, new bill proposes Update now! Apple releases new...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/12/16 12:0 a.m.3 views

PT-2024-41356 · Opensuse +1 · Mozilla Firefox

Name of the Vulnerable Software and Affected Versions: MozillaFirefox version 128.5.1 ESR Description: This issue prevents some websites from loading when using SSL Inspection. Recommendations: Update to Firefox Extended Support Release 128.5.1 ESR...

7.1AI score
Exploits0References3
OSV
OSV
added 2024/12/13 1:18 p.m.3 views

OESA-2024-2550 linux-firmware security update

This package contains firmware images required by some devices. Security Fixes: IOMMU improperly handles certain special address ranges with invalid device table entries DTEs, which may allow an attacker with privileges and a compromised Hypervisor to induce DTE faults to bypass RMP checks in...

6CVSS6.7AI score0.00199EPSS
Exploits0References3
NVD
NVD
added 2024/12/12 2:15 a.m.15 views

CVE-2024-54466

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An encrypted volume may be accessed by a different user without prompting for the password...

6.5CVSS0.00703EPSS
Exploits0References6
OSV
OSV
added 2024/12/12 2:15 a.m.5 views

CVE-2024-54466

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password...

5.3CVSS5.7AI score
Exploits0References6
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.6 views

Espressif ESP-IDF 安全漏洞

Espressif ESP-IDF is an Internet of Things IoT development framework from China Loxin Espressif. A security vulnerability exists in Espressif ESP-IDF, which stems from the fact that the encrypted output becomes deterministic if the IV is not properly initialized, leading to a potential data leak...

8.7CVSS6.7AI score0.00571EPSS
Exploits0References9
CNNVD
CNNVD
added 2024/12/12 12:0 a.m.4 views

Apple macOS 安全漏洞

Apple macOS is a set of specialized operating systems developed for Mac computers by the American company Apple Apple. A security vulnerability exists in Apple macOS Sequoia versions prior to 15.2. An attacker exploiting the vulnerability can access encrypted volumes...

6.5CVSS7.1AI score0.00703EPSS
Exploits0References4
CVE
CVE
added 2024/12/11 10:59 p.m.57 views

CVE-2024-54466

The CVE-2024-54466 entry describes an authorization issue in macOS where an encrypted volume could be accessed by another user without prompting for a password. The connected sources identify the affected products as macOS Sequoia 15.2, macOS Ventura 13.7.2, and macOS Sonoma 14.7.2, with the unde...

6.5CVSS7AI score0.00703EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/11 10:59 p.m.6 views

CVE-2024-54466

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password...

6AI score0.00703EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/11 10:59 p.m.32 views

CVE-2024-54466

An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An encrypted volume may be accessed by a different user without prompting for the password...

0.00703EPSS
Exploits0References3
Rapid7 Blog
Rapid7 Blog
added 2024/12/11 6:44 p.m.40 views

Modular Java Backdoor Dropped in Cleo Exploitation Campaign

Many thanks to Rapid7 MDR and incident response teams for their contributions to this analysis. While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive JAR payload. Our investigation reveale...

9.8CVSS7.5AI score0.98529EPSS
Exploits6
Rapid7 Blog
Rapid7 Blog
added 2024/12/11 6:44 p.m.7 views

Modular Java Backdoor Dropped in Cleo Exploitation Campaign

Many thanks to Rapid7 MDR and incident response teams for their contributions to this analysis. While investigating incidents related to Cleo software exploitation, Rapid7 Labs and MDR observed a novel, multi-stage attack that deploys an encoded Java Archive JAR payload. Our investigation reveale...

9.8CVSS9.4AI score0.98529EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2024/12/11 12:0 a.m.3 views

PT-2024-36343 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.2 macOS versions prior to 14.7.2 macOS versions prior to 15.2 Description: An authorization issue was addressed with improved state management. This issue allows a different user to access an encrypted volume...

6.5CVSS6.1AI score0.00703EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/12/10 12:0 a.m.4 views

PT-2024-10062

Name of the Vulnerable Software and Affected Versions AMD Secure Processor ASP affected versions not specified Description The issue is related to a security flaw in AMD's Secure Encrypted Virtualization SEV that allows attackers to bypass SEV protections and access encrypted memory regions. This...

5.3CVSS7.1AI score0.00222EPSS
Exploits0References19
Github Security Blog
Github Security Blog
added 2024/12/09 9:31 p.m.13 views

Bit flip attack vulnerability in cookie-encrypter

due to a weakness in the encryption method used in cookie-encrypter an attack can use the world visible IV to edit encrypted cookies without decrypting the cookie itself. This is known as an AES CBC bit flipping attack...

9.1CVSS6.7AI score0.00279EPSS
Exploits0References6Affected Software1
Malwarebytes
Malwarebytes
added 2024/12/09 3:49 p.m.13 views

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

European law enforcement agencies have taken down yet another encrypted messaging service mainly used by criminals. The Matrix encrypted messaging service was an invite-only service which was also marketed under the names Mactrix, Totalsec, X-quantum, or Q-safe. Dutch and French authorities start...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/12/09 8:15 a.m.16 views

A week in security (December 2 – December 8)

Last week on Malwarebytes Labs: Europol takes down criminal data hub Manson Market in busy month for law enforcement Americans urged to use encrypted messaging after large, ongoing cyberattack Crypto’s rising value likely to bring new wave of scams AI chatbot provider exposes 346,000 customer...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/12/05 2:59 p.m.10 views

Americans urged to use encrypted messaging after large, ongoing cyberattack

A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with. Speaking to Reuters, a senior US official said the attack telecommunicatio...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2024/12/05 12:0 a.m.6 views

SonicWALL SMA100 安全漏洞

The SonicWALL SMA100 is a secure access gateway appliance from SonicWALL USA. The SonicWALL SMA100 suffers from a cryptographic issue vulnerability that stems from the use of a weakly encrypted pseudo-random number generator in the backup code generator. An attacker could exploit the vulnerabilit...

5.3CVSS6.9AI score0.00341EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/12/04 12:20 p.m.5 views

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes. The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that...

7.3AI score
Exploits0
Rows per page
Query Builder