878 matches found
Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison
A U.K. national has pleaded guilty in the U.S. in connection with the July 2020 Twitter attack affecting numerous high-profile accounts and defrauding other users of the platform. Joseph James O'Connor, who also went by the online alias PlugwalkJoe, admitted to "his role in cyberstalking and...
kernel: vdpa_sim_blk: set number of address spaces and virtqueue groups
In the Linux kernel, the following vulnerability has been resolved: vdpa_sim_blk: set number of address spaces and virtqueue groups. Commit bda324fd037a ("vdpa_sim: control virtqueue support") added two new fields (nas, ngroups) to vdpasim_dev_attr, but we forgot to initialize them for vdpa_sim_blk. When...
kernel: Linux kernel: Memory leak in vdpa_sim leading to denial of service
A flaw was found in the vdpa_sim component of the Linux kernel. This memory leak vulnerability occurs when a module is probed and the device_register() function fails within vdpasim_net_init() or vdpasim_blk_init(). In such a scenario, the reference count of the kobject is not properly decreased, leading to...
Moderate: Red Hat Security Advisory: freeradius security and bug fix update
An update for freeradius is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from...
freeradius: Crash on unknown option in EAP-SIM
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
PT-2025-25984 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the vdpa_sim_blk device, where two new fields (nas, ngroups) were added to vdpasim_dev_attr but not...
ALSA-2023:2166 Moderate: freeradius security and bug fix update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD (CVE-2022-41859); freeradius: Crash on...
Moderate: freeradius security and bug fix update
FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service (RADIUS) server, designed to allow centralized authentication and authorization for a network. Security Fixes: freeradius: Information leakage in EAP-PWD (CVE-2022-41859); freeradius: Crash on...
Ukraine Busts Gang for Massive $4.3 Million Phishing Scams
By Habiba Rashid. The Ukrainian Cyber Police carried out 30 searches and managed to seize computer equipment, mobile phones, SIM cards, and other equipment. This is a post from HackRead.com.
Denial Of Service (DoS)
freeradius is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the null pointer dereference in the library, which allows an attacker to cause an application crash when an EAP-SIM supplicant sends an unknown SIM option...
Amazon Linux AMI : freeradius (ALAS-2023-1699)
The version of freeradius installed on the remote host is prior to 2.2.6-7.17. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1699 advisory. When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionarie...
Medium: freeradius
Issue Overview: When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
Medium: freeradius
Issue Overview: The EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack. (CVE-2022-41859) When an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that optio...
Hackers Claim They Breached T-Mobile More Than 100 Times in 2022
Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. In each case, the goal of the attackers was the same: Phish T-Mobile employees for access to...
Debian dla-3342 : freeradius - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3342 advisory. Debian LTS Advisory DLA-3342-1...
SUSE CVE-2022-41860
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...
CVE-2023-21421
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN...
Design/Logic Flaw
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN...
CVE-2023-21421
CVE-2023-21421 concerns the KnoxCustomManagerService on Samsung devices prior to the SMR Jan-2023 Release 1. The issue arises from improper handling of insufficient permissions or privileges, enabling a local attacker with low privileges to access the device’s SIM PIN. The red flags indicate a lo...