SICK SIM Series 访问控制错误漏洞

SICK SIM Series is a series of sensor integrators from SICK, Germany. An access control error vulnerability exists in the SICK SIM Series 4000 PPC Partnumber 1078787 version, which stems from a vulnerability that allows an unprivileged, remote attacker to access a user level defined as...

SICK SIM Series 访问控制错误漏洞

SICK SIM Series is a series of sensor integrators from SICK, Germany. An access control error vulnerability exists in SICK SIM Series 2x00 ARM Partnumber 1092673 and 1081902 version 1.2.0 and earlier. An attacker accesses a user level defined as RecoverableUserLevel by invoking the Password...

SICK SIM Series 访问控制错误漏洞

SICK SIM Series is a series of sensor integrators from SICK, Germany. An access control error vulnerability exists in SICK SIM Series 1012 Partnumber 1098146 versions prior to 2.2.0. An attacker accesses a user level defined as RecoverableUserLevel by invoking the password recovery mechanism meth...

ASB-A-218500036

In dismiss and related functions of KeyguardHostViewController.java and related files, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Password recovery vulnerability affects multiple SICK SIMs

SICK received a report about a vulnerability in multiple SICK SIM products. The vulnerability is classified as a "Missing Authentication for Critical Function" vulnerability and results from a mishandling of access to a password recovery mechanism. It is possible for an unprivileged, remote user ...

Suspected LAPSUS$ group member arrested in Brazil

The Brazilian Federal Police have arrested a suspect after an investigation into last year's breach of the Brazilian Ministry of Health. Responsibility for the breach was claimed by the LAPSUS$ group, when users found a message stating that system data had been copied and deleted and was in the...

Experts Warn of New RatMilad Android Spyware Targeting Enterprise Devices

A novel Android malware called RatMilad has been observed targeting a Middle Eastern enterprise mobile device by concealing itself as a VPN and phone number spoofing app. The mobile trojan functions as advanced spyware with capabilities that receives and executes commands to collect and exfiltrat...

September 30, 2022—KB5017389 (OS Build 22621.608) Preview

September 30, 2022—KB5017389 OS Build 22621.608 Preview For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 22H2, see its update history page.Note Follow @WindowsUpdate to...

SIM Swapper Abducted, Beaten, Held for $200k Ransom

A Florida teenager who served as a lackey for a cybercriminal group that specializes in cryptocurrency thefts was beaten and kidnapped last week by a rival cybercrime gang. The teens captives held guns to his head while forcing him to record a video message pleading with his crew to fork over a...

A week in security (September 12 – 18)

Last week on Malwarebytes Labs: The North Face hit by credential stuffing attack Facebook engineers aren't sure where all user data is kept 6 patch management best practices for businesses The MSP playbook on deciphering tech promises and shaping security culture Apple puts the password on life...

PT-2022-33395 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19 through v5.19.3 Description: The issue is related to the vdpa sim blk, which is used to set the number of address spaces and virtqueue groups. The actual impact and attack plausibility have not yet been proven...

The privacy concerns of tying SIM cards to real identities

The registration of SIM cards tied to a verified identity is back in the news, off the back of large-scale phone fraud. In what some may call a knee-jerk response to a problem, there are calls to revive a legal bill and make it law. Whats happening, and what are the potential ramifications? Hitti...

Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack

Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users. "For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned...

CVE-2022-20326

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-185235527...

CVE-2022-20326

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-185235527...

CVE-2022-20326

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-185235527...

Information disclosure

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-185235527...

It’s Time to Protect Every SIM

Ensuring the security of billions of mobile devices is a priority. Learn how Akamai aims to protect and secure every SIM as we continually adapt to new threats...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android 13, which stems from the disclosure of SIM identifiers in its Telephony due to a lack of privilege checking, which could lead to the disclosure of...

CVE-2022-20326

CVE-2022-20326 affects Android 13 Telephony: a missing permission check allows disclosure of SIM identifiers via local information disclosure with low privileges and no user interaction. The issue is categorized as Information Disclosure/Telephony, with impact limited to confidential data exposur...