FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks

The U.S. Federal Communications Commission FCC is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud. "The rules will help protect consumers from scammers who target data...

aporacle (>=0.0.126 <=0.0.143), enrichsdk (>=5.2.3 <=5.2.4) +11 more potentially affected by CVE-2023-6022 via prefect (>=2.0.0b16 <=2.16.3)

prefect PYPI version =2.0.0b16, =0.0.126, =5.2.3, =2.37.0, =0.2.0, =0.4.0, =0.1.0, =0.0.1, =0.0.217, =0.15.3, =0.6.5, =0.1.1, =0.1.0a0, =0.7.0, =0.9.0 Source cves: CVE-2023-6022 Source advisory: OSV:GHSA-4HH5-2678-83FX...

Scattered Spider

SUMMARY The Federal Bureau of Investigation FBI and Cybersecurity and Infrastructure Security Agency CISA are releasing this joint Cybersecurity Advisory CSA in response to recent activity by Scattered Spider threat actors against the commercial facilities sectors and subsectors. This advisory...

A week in security (November 06 &#8211; November 12)

Last week on Malwarebytes Labs: Defeating Little Brother requires a new outlook on privacy: Lock and Code S04E23 Medical research data Advarra stolen after SIM swap Okta breach happened after employee logged into personal Google account Introducing ThreatDown: A new chapter for Malwarebytes...

Medical research data Advarra stolen after SIM swap

Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involv...

CVE-2023-42655

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed...

CVE-2023-42645

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

CVE-2023-42655

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed...

CVE-2023-42645

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Information disclosure

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

Design/Logic Flaw

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed...

CVE-2023-42655

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed...

CVE-2023-42655

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed...

CVE-2023-42655

CVE-2023-42655 relates to the sim service where there is a missing permission check that allows writing permission usage records, enabling local privilege escalation to System level. The advisory consistently references the sim service as the affected component and describes the root cause as ins...

CVE-2023-42645

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

CVE-2023-42645

In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed...

CVE-2023-42645

The CVE-2023-42645 entry concerns a missing permission check in the sim service that allows writing permission usage records, leading to local information disclosure without extra execution privileges. Public data (NVD) assigns LOCAL attack vector, LOW privileges required, and HIGH confidentialit...

UNISOC Chipsets Security Vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in UNISOC Chipsets, which stems from a lack of privilege checking in the sim service. An attacker can exploit this vulnerability to escalate privileges...

CVE-2023-21393

In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21393

In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...