Why it matters when your online order is drop-shipped
Online shopping has never been easier. A few clicks can get almost anything delivered straight to your door, sometimes at a surprisingly low price. But behind some of those deals lies a fulfillment model called drop-shipping. It's not inherently fraudulent, but it can leave you disappointed,...
EUVD-2023-42116
Malicious code in bioql PyPI...
MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers
Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that's targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. "Instead of sending unsolicited...
Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity fir...
Android Automotive OS Update Bulletin—April 2025
The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2025-04-05 or later from the April 2025 Android Security Bulletin in addition to all issues in this...
Contec Health CMS8000 Patient Monitor (Update A)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely send specially formatted UDP requests or connect to an unknown external network that would allow them to write arbitrary data, resulting in remote code execution. The device may also leak patient...
CISA and FBI Release Updated Guidance on Product Security Bad Practices
In partnership with the Federal Bureau of Investigation (FBI), CISA released an update to joint guidance Product Security Bad Practices in furtherance of CISA’s Secure by Design initiative. This updated guidance incorporates public comments CISA received in response to a Request for Information,...
CISA and Partners Release Call to Action to Close the National Software Understanding Gap
Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software Understanding Gap. This report urgently implores the U.S...
Android Security Bulletin December 2024
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment
Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design initiative. This joint guidance supplies an overview of exceptionally risky product security ba...
Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide
Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void). "It is a backdoor that puts its components in the system storage area and, when commanded by attacker...
Multiple DVR Manufacturers Configuration Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multiple DVR Manufacturers Configuration Disclosure', 'Description' = %q This module takes advantage of an authentication bypass vulnerability at...
“We will hold them accountable”: General Motors sued for selling customer driving data to third parties
Texas Attorney General Ken Paxton has sued General Motors (GM) for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General (AG) announced he had opened an investigation into several car...
CISA Releases Secure by Demand Guidance
Today, CISA and the Federal Bureau of Investigation (FBI) have released Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the...
Providing Security Updates to Automobile Software
Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servici...
The UK Bans Default Passwords
The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and...
CVE-2023-38301
An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...
PT-2024-12696 · Motorola +1 · Motorola Moto G Pure +3
Name of the Vulnerable Software and Affected Versions: TCL 30Z (affected versions not specified); TCL 10L (affected versions not specified); Motorola Moto G Pure (affected versions not specified); Motorola Moto G Power (affected versions not specified). Description: An issue was discovered in a third-party...
CVE-2023-38301
CVE-2023-38301 describes a third-party component issue in vendor.gsm.serial that lets any local app read the device serial number via the vendor.gsm.serial system property without permissions. Affected devices span multiple manufacturers: BLU View 2; Boost Mobile Celero 5G; Sharp Rouvo V; Motorol...
CVE-2023-38291
CVE-2023-38291 describes a leakage of the Wi-Fi MAC address via the system property ro.boot.wifimacaddr in devices from multiple manufacturers. Connected sources (Red Hat, NVD, CNVD, CVE list, vuln enrichment) confirm a third-party component issue affecting TCL devices (30Z, 10L) and Motorola devi...