71 matches found
CVE-2023-52498
CVE-2023-52498 : Linux kernel sleep deadlock in system-wide PM code in low-memory conditions. root cause: system-wide resume core code could deadlock because async_schedule_dev() sometimes runs the argument synchronously and may contend for a mutex; this could cause ordering issues in resume call...
AI Decides to Engage in Insider Trading
A stock-trading AI a simulated experiment engaged in insider trading, even though it "knew" it was wrong. The agent is put under pressure in three ways. First, it receives a email from its "manager" that the company is not doing well and needs better performance in the next quarter. Second, the...
Missing deadline checks
Lines of code Vulnerability details Consider addings implementation to handle the expiration of the transaction for additional security. To implement a transaction expiration mechanism in the emergencyWithdraw add a timestamp check to ensure that the transaction is executed only within a certain...
CVE-2023-4048
An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...
Winning the Mind Game: The Role of the Ransomware Negotiator
Get exclusive insights from a real ransomware negotiator who shares authentic stories from network hostage situations and how he managed them. The Ransomware Industry Ransomware is an industry. As such, it has its own business logic: organizations pay money, in crypto-currency, in order to regain...
Advance Charity Management 1.0 Insecure Settings
Title: Advance Charity Management-1.0 - TLS cookie without secure flag set-PHPSESSID NEVER EXPIRATION-current session-Hijacking Author: nu11secur1ty Date: 06.04.2023 Vendor: https://www.sourcecodester.com/users/aown-shah Software:...
Equity.sol : restructureCapTable is not using correct index in array
Lines of code Vulnerability details Impact When array of addresses are passed to restructure in the emergency situation, contract would revert due to accessing the first index always. Not able to restructure in single call during emergency. Proof of Concept function restructureCapTableaddress...
Microsoft Edge’s vulnerability, related to synchronization errors when using a shared resource, allows attackers to escalate their privileges.
The vulnerability of Microsoft Edge is related to synchronization errors when using a shared resource “Race Situation”. Exploiting this vulnerability can allow an attacker to gain increased privileges...
Florida hospital takes entire IT systems offline after 'ransomware attack'
Tallahassee Memorial Healthcare TMH, a major hospital system in northern Florida, has reportedly been experiencing an "IT security issue" since Thursday evening, which impacted some of its IT systems. When TMH learned of the issue, it took its entire IT systems offline as a precaution and contact...
Ambiguous situation exists for calling triggerDepeg and triggerEndEpoch functions when block.timestamp is set to epochEnd
Lines of code Vulnerability details Impact As shown by the following isDisaster modifier, which is used by the triggerDepeg function below, and the triggerEndEpoch function below, when block.timestamp is set to epochEnd, both of the triggerDepeg and triggerEndEpoch functions are allowed to be...
Malicious code in winston-pg-native (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c5ce4395f11e08aabe826bbeccb1004202503971e7d29e5d42730ce51f7f44b3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
4 Strategies to Help Your Cybersecurity Budget Work Harder
The digital economy is being disrupted by data. An estimated 79 zettabytes of data was created and consumed in 2021— a staggering amount that is reshaping how we do business. But as the volume and value of data increases, so does the motivation for hackers to steal it. As such, cybersecurity is a...
Chinese Hackers Targeting Russian Military Personnel with Updated PlugX Malware
A China-linked government-sponsored threat actor observed striking European diplomatic entities in March may have been targeting Russian government officials with an updated version of a remote access trojan called PlugX. Secureworks attributed the attempted intrusions to a threat actor it tracks...
Threat Source newsletter (March 17, 2022) — Channelling productive worry to help Ukraine
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. Cisco Talos continues to be heads-down working on the current Ukraine situation. This is incredibly difficult for everyone across the globe, especially for those directly affected. But that doesn’t mean those of... Th...
Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
Summary The Cybersecurity and Infrastructure Security Agency CISA, the Federal Bureau of Investigation FBI, National Security Agency NSA, Australian Cyber Security Centre ACSC, Canadian Centre for Cyber Security CCCS, the Computer Emergency Response Team New Zealand CERT NZ, the New Zealand...
Fortress Home Security Open to Remote Disarmament
A pair of vulnerabilities in the Fortress S03 WiFi Home Security System could allow cyberattackers to remotely disarm the system, leaving homes open to unlawful entry. The Fortress platform is a consumer-grade home security system that allows users to mix and match various sensors, IP cameras and...
Talos Takes Ep. #60: Everything you need to know about the Kaseya situation
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. In this special "XL edition" of Talos Takes, we're bringing you the audio version of our live stream this week... This is...
CVS Health Records for 1.1 Billion Customers Exposed
More than 1 billion records for CVS Health customers were left in the database of a third-party, unnamed vendor – exposed, unprotected, online. Researchers said the data points revealed could be strung together to create an extremely personal snapshot of someones’s medical situation. The glitch i...
Why Software Supply Chain Attacks Are Inevitable and What You Must Do to Protect Your Applications
Most organizations have limited visibility over their software supply chain and little control of up to 95% of the software code they utilize. With multiple code sources from multiple software vendors, the number of known and unknown vulnerabilities quickly grows beyond the capabilities of intern...
Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4915-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4915-1 advisory. It was discovered that the overlayfs implementation in the Linux kernel did not properly validate the application of file system capabilities with respec...