
6131 matches found

The Hacker News
added 2021/06/19 6:13 a.m. · 85 views

Cyber espionage by Chinese hackers in neighbouring nations is on the rise

A string of cyber espionage campaigns dating all the way back to 2014 and likely focused on gathering defense information from neighbouring countries have been linked to a Chinese military-intelligence apparatus. In a wide-ranging report published by Massachusetts-headquartered Recorded Future th...

AI score: 1
Exploits: 0
Microsoft Malware Protection
added 2021/06/14 4:0 p.m. · 12 views

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...

AI score: 6.6
Exploits: 0
Microsoft Secure
added 2021/06/14 4:0 p.m. · 14 views

Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign

Microsoft 365 Defender researchers recently uncovered and disrupted a large-scale business email compromise (BEC) infrastructure hosted in multiple web services. Attackers used this cloud-based infrastructure to compromise mailboxes via phishing and add forwarding rules, enabling these attackers to...

AI score: 6.6
Exploits: 0
OSV
added 2021/06/11 3:15 p.m. · 1 views

CVE-2021-25396

An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution...

CVSS: 6.7 · AI score: 6
Exploits: 0 · References: 1
CNNVD
added 2021/06/11 12:0 a.m. · 2 views

Samsung SMR Buffer Error Vulnerability

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. A security vulnerability exists in SMR JUN-2021 Release 1, which stems from a possible out-of-bounds write vulnerability in the application's NPU driver that allows arbitrary memor...

CVSS: 7.8 · AI score: 7.5 · EPSS: 0.00171
Exploits: 0 · References: 3
CNNVD
added 2021/06/11 12:0 a.m. · 3 views

Samsung SMR Buffer Error Vulnerability

Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung cell phone applications. A security vulnerability exists in SMR MAY-2021 Release 1, which stems from an incorrect input validation vulnerability in the application's NPU firmware that allows arbitrary...

CVSS: 6.7 · AI score: 7 · EPSS: 0.00128
Exploits: 0 · References: 1
CNNVD
added 2021/06/11 12:0 a.m. · 4 views

Security Vulnerability in Multiple AMD Products

AMD Platform Security Processor and others are products of AMD Corporation. AMD Platform Security Processor is a security processor. AMD Secure Encrypted Virtualization is an application software. AMD System Management Unit (SMU) is a system management unit. A security vulnerability exists in several...

CVSS: 7.8 · AI score: 7.3 · EPSS: 0.01038
Exploits: 0 · References: 3
OSV
added 2021/06/10 11:15 p.m. · 22 views

CVE-2020-23321

There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0...

CVSS: 9.8 · AI score: 6.8
Exploits: 0 · References: 1
CVE
added 2021/06/10 10:14 p.m. · 74 views

CVE-2020-23321

CVE-2020-23321 is a documented heap-buffer-overflow in JerryScript 2.2.0, triggered by lit_read_code_unit_from_utf8 (lit-strings.c:431). The vulnerability affects JerryScript 2.2.0 and is assigned a high/critical severity in public feeds (NVD CVSSv3.1: 9.8, NETWORK attack, no authentication, impa...

CVSS: 9.8 · AI score: 9.4 · EPSS: 0.01314
Exploits: 1 · References: 1 · Affected Software: 1
Microsoft Malware Protection
added 2021/06/10 4:0 p.m. · 45 views

How purple teams can embrace hacker culture to improve security

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Matthew Hickey, co-founder, CEO, and writ...

AI score: 7.2
Exploits: 0
CNNVD
added 2021/06/10 12:0 a.m. · 4 views

JerryScript Buffer Error Vulnerability

JerryScript is a lightweight JavaScript engine. A heap buffer overflow vulnerability exists in lit_read_code_unit_from_utf8 in lit-strings.c:431 in JerryScript version 2.2.0. No details of the vulnerability are provided at this time...

CVSS: 9.8 · AI score: 5.9 · EPSS: 0.01314
Exploits: 1 · References: 1
Positive Technologies
added 2021/06/10 12:0 a.m. · 5 views

PT-2024-11238 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.0-rc5-syzkaller. Description: The vulnerability is related to the KVM (Kernel-based Virtual Machine) component of the Linux kernel. It occurs when the MMU (Memory Management Unit) context is not properly reset...

CVSS: 9.8 · AI score: 6.8 · EPSS: 0.17563
Exploits: 7 · References: 968
OSV
added 2021/06/09 12:15 p.m. · 3 views

CVE-2021-26314

Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage...

CVSS: 5.5 · AI score: 6.1 · EPSS: 0.00607
Exploits: 1 · References: 5
CNNVD
added 2021/06/09 12:0 a.m. · 4 views

Intel NUC Security Vulnerability

The Intel NUC is a small minicomputer from Intel USA. A security vulnerability exists in Intel NUC versions prior to 1.1, which stems from incorrect default permissions in the software that could allow authenticated users to enable privilege escalation via local access...

CVSS: 7.8 · AI score: 7.3 · EPSS: 0.00215
Exploits: 0 · References: 3
CNNVD
added 2021/06/08 12:0 a.m. · 2 views

AMD CPU Information Disclosure Vulnerability

AMD CPUs are a family of CPUs from the American company AMD. An information disclosure vulnerability exists in AMD CPUs that originates from errors such as configuration during operation of a networked system or product. An unauthorized attacker could exploit the vulnerability to obtain sensitive...

CVSS: 5.5 · AI score: 5.7 · EPSS: 0.00607
Exploits: 1 · References: 6
CNNVD
added 2021/06/08 12:0 a.m. · 3 views

Cambridge Xen Security Vulnerability

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. A security vulnerability exists in XEN that...

CVSS: 7.1 · AI score: 7 · EPSS: 0.00284
Exploits: 0 · References: 13
Positive Technologies
added 2021/06/08 12:0 a.m. · 3 views

PT-2021-11184 · Silverstripe +3 · Silverstripe +2

SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility meant for parsing HTML within unit tests can be vulnerable to XML External Entity (XXE) attacks. When this developer utility is misused for purposes involving external or user submitted data in custom...

CVSS: 4.8 · AI score: 4.9 · EPSS: 0.0082
Exploits: 0 · References: 12
CNNVD
added 2021/06/08 12:0 a.m. · 4 views

BMXNOR0200H Ethernet/Serial RTU module Information Disclosure Vulnerability

The Schneider Electric BMXNOR0200H Ethernet/Serial RTU module is an Ethernet Serial RTU (Remote Terminal Unit) module from Schneider Electric France. An information disclosure vulnerability exists in the Modicon X80 BMXNOR0200H RTU SV1.70 IR22 and earlier versions, which originates when a specially...

CVSS: 5.3 · AI score: 6.7 · EPSS: 0.00925
Exploits: 0 · References: 5
Hacker One
added 2021/06/06 12:21 p.m. · 19 views

Nord Security: NordVPN Linux Client - Unsafe service file permissions leads to Local Privilege Escalation

The Linux package available in NordVPN's repository is affected by a permission issue in init script and systemd unit files that allows any user on the system to execute arbitrary commands as root. Tested Version: Tested version is the latest available on the repository, which is 3.10.0 and is...

AI score: 7.7
Exploits: 0
OSV
added 2021/05/31 3:39 p.m. · 18 views

GSD-2021-1000008 Denial of Service in Leaf EV (car) version 2018 SV

In Nissan Leaf EV car version 2018 SV a Denial of Service exists in the Head Unit Display that can be attacked via Local Access resulting in Denial of Service HUD being disabled...

AI score: 7.1
Exploits: 0 · References: 1