The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world
I'd hate to be labeled a "car guy" now mentioning my new electric car in the lede of two newsletters in a row, but I couldn't resist. I'd been reading headlines for years about how electric cars (most notably Tesla) were vulnerable to a range of security vulnerabilities, even some that could allow....
7.4 AI Score
K41043270 : Intel processor vulnerabilities CVE-2021-0086 and CVE-2021-0089
Security Advisory Description CVE-2021-0086 Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. CVE-2021-0089 Observable response discrepancy in some Intel(R)...
6.5 CVSS
6.2 AI Score
0.0005 EPSS
Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. PayTR Taksit Tablosu – WooCommerce. This issue affects PayTR Taksit Tablosu – WooCommerce: from n/a through...
5.4 CVSS
8.9 AI Score
0.001 EPSS
RHEL 9 : libreoffice (RHSA-2023:0304)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0304 advisory. libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305) libreoffice: Static Initialization...
7.7 AI Score
0.002 EPSS
A flaw was found in squid. Squid, when certain web browsers are used, mishandles HTML in the host parameter to cachemgr.cgi, which could result in squid behaving in an insecure way. Mitigation: The cachemgr.cgi script is not used by default. If you've set this up manually and are worried about this...
6.1 CVSS
1.2 AI Score
0.003 EPSS
Amazon Linux 2 : glibc (ALAS-2021-1605)
The version of glibc installed on the remote host is prior to 2.26-41. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1605 advisory. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in...
8.1 CVSS
7.8 AI Score
0.074 EPSS
CentOS 8 : glibc (CESA-2020:4444)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4444 advisory. glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions (CVE-2020-10029) glibc: array overflow in backtrace functions...
7 CVSS
7.7 AI Score
0.001 EPSS
Griefer can create maximum-length time locks for other users with only dust
Lines of code / Vulnerability details / Description: veOLAS is the voting token for the OLAS protocol. It functions like the curve.fi voting token in that a user gets more votes the longer they lock their tokens. A user can create a lock for themselves or have another user create a lock for them, using....
6.8 AI Score
Who is Alleged Medibank Hacker Aleksandr Ermakov?
Authorities in Australia, the United Kingdom and the United States this week levied financial sanctions against a Russian man accused of stealing data on nearly 10 million customers of the Australian health insurance giant Medibank. 33-year-old Aleksandr Ermakov allegedly stole and leaked the...
6.8 AI Score
“The mother of all breaches”: 26 billion records found online [Updated]
Security researchers have discovered billions of exposed records online, calling it the "mother of all breaches". However, the dataset doesn't seem to be from one single data breach, but more a compilation of multiple breaches. These sets are often created by data enrichment companies. Data...
7.2 AI Score
RHEL 8 : libreoffice (RHSA-2023:0089)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0089 advisory. libreoffice: Execution of Untrusted Macros Due to Improper Certificate Validation (CVE-2022-26305) libreoffice: Static Initialization...
7.7 AI Score
0.002 EPSS
“I’ll miss him so much” Facebook scam uses BBC branding to lure victims
Facebook scams are a constant nuisance and vary from like-farming to scams that can cost you some serious money. The latest one we found is a bit morbid. Recently, I’ve seen quite a few posts on my timeline that looked like this: Without going into details the post says: “I can’t believe he’s...
7.4 AI Score
A lightweight method to detect potential iOS malware
Introduction In the ever-evolving landscape of mobile security, hunting for malware in the iOS ecosystem is akin to navigating a labyrinth with invisible walls. Imagine having a digital compass that not only guides you through this maze, but also reveals the hidden mechanisms of iOS malware...
6.7 AI Score
Using Google Search to Find Software Can Be Risky
Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. The malicious ads, which appear above organic search results and often precede links to legitimate sources of...
7.1 AI Score
Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through...
8.8 CVSS
8.6 AI Score
0.001 EPSS
Cybersecurity spend to soar in 2024: How companies can maximize their investment
"Spend smarter, not harder" is the mantra for 2024, as Gartner forecasts a 14.3% jump in global security and risk management spending—an uptick which brings a renewed focus on the need for cost-effective cybersecurity investments. Inefficient cybersecurity spending, a known problem, becomes even...
7.4 AI Score
Google changes wording for Incognito browsing in Chrome
Users of Chrome Canary have noticed some slight changes in the wording that Google uses for Incognito mode. Chrome Canary is mainly intended for use by developers. It’s updated nearly daily with new features, and because it can be used alongside versions of the “normal” Chrome browser (known...
6.8 AI Score
Why is the cost of cyber insurance rising?
I just bought an electric car last week, so I've been shopping for new car insurance policies that could offer me a discount for ditching gas. We're all familiar with the boring process of entering the same information 10 times over into 10 different companies' websites trying to see who comes out....
8.8 CVSS
7.6 AI Score
0.003 EPSS
Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining CVE-2023-36478
Summary: There is a vulnerability in Eclipse Jetty that could allow a remote attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
7.5 CVSS
8 AI Score
0.004 EPSS
K29146534 : SSB Variant 4 vulnerability CVE-2018-3639
Security Advisory Description Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel...
5.5 CVSS
6.2 AI Score
0.003 EPSS
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through...
8.8 CVSS
7.2 AI Score
0.001 EPSS
K54252492 : Side-channel processor vulnerability CVE-2018-3693
Security Advisory Description Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. (CVE-2018-3693 also known as Spectre.....
5.6 CVSS
6.2 AI Score
0.001 EPSS
Exploit for Missing Authorization in Rapidload Power-Up For Autoptimize
LFI exploit for TryHackMe: Hacker vs Hacker. Description...
4.3 CVSS
7 AI Score
0.001 EPSS
CVE-2023-7161 Netentsec NS-ASG Application Security Gateway Login sql injection
A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to SQL injection. It is possible to...
7.3 CVSS
10 AI Score
0.001 EPSS
Introducing Wordfence CLI 3.0.1: Now With Automatic Remediation!
Note: This post refers to Wordfence CLI, the command line tool for operations teams to rapidly scan large numbers of WordPress websites for vulnerabilities and malware, not the Wordfence plugin which is deeply integrated into WordPress and provides additional functionality, like a firewall,...
7.7 AI Score
Here’s Some Bitcoin: Oh, and You’ve Been Served!
A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction -- such as a...
6.8 AI Score
Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through...
8.8 CVSS
0.001 EPSS
Exploring the (Not So) Secret Code of Black Hunt Ransomware
It seems like every week, the cybersecurity landscape sees the emergence of yet another ransomware variant, with Black Hunt being one of the latest additions. Initially reported by cybersecurity researchers in 2022, this new threat has quickly made its presence known. In a recent incident, Black...
8.2 AI Score
Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC. This issue affects MkRapel Regiones y Ciudades de Chile para WC: from n/a through...
4.3 CVSS
8.9 AI Score
0.001 EPSS
On December 11, 2023, we added an Unauthenticated Stored XSS vulnerability in the Popup Builder WordPress plugin to our Wordfence Intelligence Vulnerability Database. This vulnerability, which was originally reported by WPScan, allows an unauthenticated attacker to inject arbitrary JavaScript that....
6.4 AI Score
[SECURITY] [DLA 3703-1] libreoffice security update
Debian LTS Advisory DLA-3703-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès December 31, 2023 https://wiki.debian.org/LTS Package : libreoffice Version : 1:6.1.5-3+deb10u11 CVE...
8.8 CVSS
8.6 AI Score
0.003 EPSS
Subdomain takeover poses a significant security threat in cloud environments. It occurs when a subdomain of a domain (e.g., subdomain.example.com) inadvertently resolves to an external service no longer under the organization's control. These orphaned subdomains provide attackers with a foothold...
7 AI Score
Microsoft disables ms-appinstaller after malicious use
In what might be seen as one of Microsoft’s new year resolutions, it has disclosed that it's turned off the ms-appinstaller protocol handler by default. The protocol handler is designed to make installing apps easier, but it also makes installing malware easier. Typically, an app needs to be on a...
7.1 AI Score
Happy 14th Birthday, KrebsOnSecurity!
KrebsOnSecurity celebrates its 14th year of existence today! I promised myself this post wouldn't devolve into yet another Cybersecurity Year in Review. Nor do I wish to hold forth about whatever cyber horrors may await us in 2024. But I do want to thank you all for your continued readership,...
7.2 AI Score
EulerOS 2.0 SP8 : glibc (EulerOS-SA-2021-1872)
According to the version of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3...
7.5 CVSS
8.7 AI Score
0.013 EPSS
cremas-para-la-piel.es Cross Site Scripting vulnerability OBB-3675083
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1 AI Score
[2.28-225.0.4.6] - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaaa mode. - CVE-2023-4806: potential use-after-free in getaddrinfo. - CVE-2023-4813: potential use-after-free in gaih_inet (RHEL-2435). - CVE-2023-4813: work around RHEL-8 limitation in test (RHEL-2435). Reviewed by: Jose...
7.8 CVSS
7.6 AI Score
0.014 EPSS
Oops! Black Basta ransomware flubs encryption
Researchers at SRLabs have made a decryption tool available for Black Basta ransomware, allowing some victims of the group to decrypt files without paying a ransom. The decryptor works for victims whose files were encrypted between November 2022 and December 2023. The decryptor, called Black Basta....
7.1 AI Score
K50974556 : Overview of F5 vulnerabilities (August 2021)
Security Advisory Description: On August 24, 2021, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact on your F5 devices. You can find the details of each issue in the associated.....
9.9 CVSS
10 AI Score
0.002 EPSS
Issue Overview: 2023-12-14: CVE-2021-33574 was added to this advisory. The mq_notify function in the GNU C Library (aka glibc) has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to....
9.8 CVSS
8.9 AI Score
0.017 EPSS
CentOS 8 : glibc (CESA-2021:1585)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1585 advisory. glibc: iconv program can hang when invoked with the -c option (CVE-2016-10228) glibc: buffer over-read in iconv when processing invalid multi-byte...
9.8 CVSS
8.5 AI Score
0.02 EPSS
para-port.com Cross Site Scripting vulnerability OBB-3650669
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1 AI Score
Oracle Linux 8 : glibc (ELSA-2021-1585)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1585 advisory. The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding...
9.8 CVSS
8.5 AI Score
0.02 EPSS
TensorFlow has Null Pointer Error in RandomShuffle with XLA enable
Impact: NPE in RandomShuffle with XLA enabled.
```python
import tensorflow as tf
func = tf.raw_ops.RandomShuffle
para = {'value': 1e+20, 'seed': -4294967297, 'seed2': -2147483649}
@tf.function(jit_compile=True)
def test():
    y = func(**para)
    return y
test()
```
Patches: We have pat...
7.5 CVSS
7.4 AI Score
0.001 EPSS
TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
Impact: NPE in QuantizedMatMulWithBiasAndDequantize with MKL enabled.
```python
import tensorflow as tf
func = tf.raw_ops.QuantizedMatMulWithBiasAndDequantize
para = {'a': tf.constant(138, dtype=tf.quint8), 'b': tf.constant(4, dtype=tf.qint8), 'bias': [[31.81644630432129, 47.21876525878906], ...
```
7.5 CVSS
7.4 AI Score
0.001 EPSS
TensorFlow has Floating Point Exception in TensorListSplit with XLA
Impact: FPE in TensorListSplit with XLA.
```python
import tensorflow as tf
func = tf.raw_ops.TensorListSplit
para = {'tensor': [1], 'element_shape': -1, 'lengths': [0]}
@tf.function(jit_compile=True)
def fuzz_jit():
    y = func(**para)
    return y
print(fuzz_jit())
```
Patches: We hav...
7.5 CVSS
7.4 AI Score
0.001 EPSS
TensorFlow has Null Pointer Error in LookupTableImportV2
Impact: The function tf.raw_ops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE.
```python
import tensorflow as tf
v = tf.Variable(1)
@tf.function(jit_compile=True)
def test():
    func = tf.raw_ops.LookupTableImportV2
    para = {'table_handle': v.handle, 'keys': ...
```
7.5 CVSS
7.4 AI Score
0.001 EPSS
TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
Impact: If the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger a stack OOB read.
```python
import tensorflow as tf
func = tf.raw_ops.DynamicStitch
para = {'indices': [[0xdeadbeef], [405], [519], [758], [1015]], 'data': [[110.27793884277344], ...
```
7.5 CVSS
7.4 AI Score
0.001 EPSS