Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities
Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in privilege escalation and execution of malicious code on affected systems. The seven flaws, tracked from....
7.7AI Score
0.0004EPSS
Exploit for Use After Free in Linux Linux Kernel
Detection-and-Mitigation-for-CVE-2022-1679 The ath9k is a...
7.8CVSS
6.8AI Score
0.0004EPSS
Introduction This guide deals with threat modelling and early stages of development so that security issues and controls are identified before committing to manufacturing. Current attack methods, and the pitfalls we find in embedded designs, have been highlighted so that a finished product is as...
8AI Score
Parmesan Anti-Forgery Protection
The Guardian is reporting about microchips in wheels of Parmesan cheese as an anti-forgery...
7AI Score
Security News This Week: US Energy Firm Targeted With Malicious QR Codes in Mass Phishing Attack
New research reveals the strategies hackers use to hide their malware distribution system, and companies are rushing to release mitigations for the “Downfall” processor vulnerability on Intel...
7AI Score
New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips
The vulnerability could allow attackers to take advantage of an information leak to steal sensitive details like private messages, passwords, and encryption...
6.7AI Score
Recapping the top stories from Black Hat and DEF CON
Welcome to this week's edition of the Threat Source newsletter. I had a significant amount of FOMO last week seeing everyone out in Vegas. (I was happy to not get conference crud sickness, but it seems like I missed a great time otherwise.) But, as anyone who works with me could guess, I was...
6.5CVSS
6.9AI Score
0.001EPSS
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power By Trellix · August 12, 2023 This story was also written by Jesse Chick, Philippe Laulheret and Sam Quinn. Summary In a modern working environment where many employees are working from home or in hybrid office...
7.9AI Score
0.003EPSS
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power
The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power By Trellix · August 12, 2023 This story was also written by Jesse Chick, Philippe Laulheret and Sam Quinn. Summary In a modern working environment where many employees are working from home or in hybrid office...
8.2AI Score
0.003EPSS
6.9AI Score
0.0004EPSS
7.5AI Score
0.573EPSS
CentOS Update for glx-utils CESA-2013:0898 centos5
The remote host is missing an update for...
6.4AI Score
0.014EPSS
CentOS Update for glx-utils CESA-2013:0897 centos6
The remote host is missing an update for...
6.4AI Score
0.014EPSS
Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities
Google has released its monthly security updates for the Android operating system, addressing 46 new software vulnerabilities. Among these, three vulnerabilities have been identified as actively exploited in targeted attacks. One of the vulnerabilities tracked as CVE-2023-26083 is a memory leak...
9.6CVSS
8.1AI Score
0.038EPSS
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3875 Vasiliy Kulikov discovered an issue in the Linux implementation of the ...
9.8CVSS
1.9AI Score
0.029EPSS
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-2524 David Howells reported an issue in the Common Internet.....
9.8CVSS
1AI Score
0.027EPSS
The US Navy, NATO, and NASA Are Using a Shady Chinese Company’s Encryption Chips
The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a...
7AI Score
A bowl full of security problems: Examining the vulnerabilities of smart pet feeders
Introduction In today's interconnected world, more and more devices are being connected to the internet, including everyday household items like pet feeders that are becoming smart by virtue of this simple fact. However, as these devices become more sophisticated, they also become more vulnerable.....
8.7AI Score
Activities in the Cybercrime Underground Require a New Approach to Cybersecurity
As Threat Actors Continuously Adapt their TTPs in Today's Threat Landscape, So Must You Earlier this year, threat researchers at Cybersixgill released the annual report, The State of the Cybercrime Underground. The research stems from an analysis of Cybersixgill's collected intelligence items...
7AI Score
Unbreakable Enterprise kernel security update
[5.15.0-102.110.5] - RISC-V: Fix up a cherry-pick warning in setup_vm_final() (Alexandre Ghiti) - Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (Liu Jian) - riscv: mm: remove redundant parameter of create_fdt_early_page_table (Song Shuai) - kernfs:...
7.8CVSS
8.5AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[5.4.17-2136.320.7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] - KVM:...
7.8CVSS
8AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el8] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.320.7.el7] - selftests: fib_tests: mute cleanup error message (Po-Hsu Lin) - KVM: arm64: PMU: Align chained counter implementation with architecture pseudocode (Marc Zyngier) [Orabug: 35449815] - KVM: arm64: Filter out v8.1+ events on v8.0 HW (Marc Zyngier) [Orabug: 35449815] -...
7.8CVSS
7.8AI Score
0.0004EPSS
New BrutePrint Attack Lets Attackers Unlock Smartphones with Fingerprint Brute-Force
Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put in place to counter failed biometric authentication...
7.5AI Score
Fedora 14 : kernel-2.6.35.6-48.fc14 (2010-16826)
Fix several important security issues. Also fixes suspend on some systems with TPM chips, enables additional Ricoh SDHC adapters, and fixes a problem with the error message printed when an Intel IOMMU gets disabled. Note that Tenable Network Security has extracted the preceding description block...
7.2AI Score
0.001EPSS
Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs
To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with...
7.1AI Score
The Bug Report - March 2023 Edition
The Bug Report – March 2023 Edition By Trellix · April 05, 2023 This story was also written by Kasimir Schulz. It really is bussin, though. Why am I here? Welcome back to the Bug Report, Ides of March edition! Last month was highlighted by glimpses into the past, with a historic attack...
8.7AI Score
0.915EPSS
The Bug Report - March 2023 Edition
The Bug Report – March 2023 Edition By Trellix · April 05, 2023 This story was also written by Kasimir Schulz. It really is bussin, though. Why am I here? Welcome back to the Bug Report, Ides of March edition! Last month was highlighted by glimpses into the past, with a historic attack...
7.8AI Score
0.915EPSS
ChatGPT happy to write ransomware, just really bad at it
This morning I decided to write some ransomware. I've never done it before, and I can't code in C, the language ransomware is mostly commonly written in, but I have a reasonably good idea of what ransomware does. Previously, this lack of technical skills would have served as something of a barrier....
7.1AI Score
Threat Source newsletter (March 23, 2023) — Meta is threatening to ban news sharing in Canada. Good.
Welcome to this week's edition of the Threat Source newsletter. After asking ChatGPT to write the newsletter for me two weeks ago, I was tempted to have Google's Bard do the same, but I resisted making this the newsletter's new gimmick. Instead, I wanted to write about another tech giant -- Meta......
9.8CVSS
9.9AI Score
0.915EPSS
Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips
Google is calling attention to a set of severe security flaws in Samsung's Exynos chips, some of which could be exploited remotely to completely compromise a phone without requiring any user interaction. The 18 zero-day vulnerabilities affect a wide range of Android smartphones from Samsung, Vivo,....
0.2AI Score
Unbreakable Enterprise kernel security update
[5.4.17-2136.317.5.3] - udf: Fix file corruption when appending just after end of preallocated extent (Jan Kara) [Orabug: 35192150] - selftests/ftrace: Fix bash specific '==' operator (Masami Hiramatsu (Google)) [Orabug: 35192150] - net: Fix unwanted sign extension in netdev_stats_to_stats64()...
7.8CVSS
8.4AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[5.4.17-2136.317.5.3] - udf: Fix file corruption when appending just after end of preallocated extent (Jan Kara) [Orabug: 35192150] - selftests/ftrace: Fix bash specific '==' operator (Masami Hiramatsu (Google)) [Orabug: 35192150] - net: Fix unwanted sign extension in netdev_stats_to_stats64()...
7.8CVSS
8.4AI Score
0.001EPSS
Highlights from the New U.S. Cybersecurity Strategy
The Biden administration today issued its vision for beefing up the nation's collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House's new national cybersecurity...
AI Score
K02326457 : Multiple AMD processor vulnerabilities
Security Advisory Description CVE-2018-8930 The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3. CVE-2018-8931 The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips...
9CVSS
9AI Score
0.005EPSS
K60570139 : Rowhammer hardware vulnerability CVE-2020-10255
Security Advisory Description Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create...
9CVSS
9AI Score
0.002EPSS
K23440942 : Insufficient validation of ICMP error messages CVE-2004-0790 (11.x - 13.x)
Security Advisory Description The vulnerability described in this article was initially fixed in earlier versions, but a regression was reintroduced in BIG-IP 12.x through 13.x. For information about earlier versions, refer to K4583: Insufficient validation of ICMP error messages - VU#222750 /...
6.3AI Score
0.965EPSS
Chip company loses $250m after ransomware hits supply chain
Applied Materials, one of the world's leading suppliers of equipment, services, and software for the manufacture of semiconductors, has warned that its second-quarter sales are likely to be hurt to the tune of $250 million due to a cybersecurity attack at one of its suppliers. MKS Instruments Inc.....
0.5AI Score
Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices
A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things (IIoT) devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology (OT) environments. "Threat actors can exploit...
10CVSS
1.1AI Score
0.014EPSS
gratis-chips-gewinnen.de Cross Site Scripting vulnerability OBB-3033879
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
Multiple MediaTek chips ims elevation of privilege vulnerabilities
MediaTek chips are a variety of chips from MediaTek, a China-based MediaTek company. Several MediaTek chips ims have an elevation of privilege vulnerability, which stems from a mismatch in the package format and can be exploited by attackers for elevation of...
7.8CVSS
5.5AI Score
0.0004EPSS
Moderate: userspace graphics, xorg-x11, and mesa security, bug fix, and enhancement update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Mesa provides a 3D graphics API that is compatible with Open Graphics Library (OpenGL). It also provides hardware-accelerated.....
7.8CVSS
8.6AI Score
0.001EPSS
Multiple MediaTek chip telephony privilege elevation vulnerabilities
MediaTek chips are a variety of chips from MediaTek, a China-based MediaTek company. Several MediaTek chips telephony has elevation of privilege vulnerability, the vulnerability originated from the package format mismatch, attackers can use the vulnerability for elevation of...
7.8CVSS
4.6AI Score
0.0004EPSS
Allwinner 3.4 Legacy Kernel Local Privilege Escalation
This module attempts to exploit a debug backdoor privilege escalation in Allwinner SoC based devices. Vulnerable Allwinner SoC chips: H3, A83T or H8 which rely on Kernel 3.4. Vulnerable OS: all OS images available for Orange Pis, any for FriendlyARM's NanoPi M1, SinoVoip's M2+ and M3, Cuebietech's....
7.3AI Score
State Sponsored Attacks in 2023 and Beyond
As we begin 2023 I wanted to take some time and look at the state sponsored threat landscape. Over the last few decades we've seen seismic shifts in how state sponsored actors attack, starting with traditional espionage with attacks like Moonlight Maze and Project Gunman and evolving into more...
0.2AI Score
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8....
6.5CVSS
8.1AI Score
0.001EPSS
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8....
6.5CVSS
7.5AI Score
0.001EPSS
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8....
6.5CVSS
6.6AI Score
0.001EPSS
Unbreakable Enterprise kernel-container security update
[4.14.35-2047.521.4.el7] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 34883100] [4.14.35-2047.521.3.el7] - Revert 'random: use expired timer rather than wq for mixing fast pool' (Saeed Mirzamohammadi) [Orabug: 34918228] [4.14.35-2047.521.2.el7] -...
7.8CVSS
AI Score
0.0004EPSS
Unbreakable Enterprise kernel security update
[4.14.35-2047.521.4] - tcp: Tunables for TCP delayed ack (min and max) timers (Venkat Venkatsubra) [Orabug: 34883100] [4.14.35-2047.521.3] - Revert 'random: use expired timer rather than wq for mixing fast pool' (Saeed Mirzamohammadi) [Orabug: 34918228] [4.14.35-2047.521.2] - RDS/IB: Fix the...
7.8CVSS
AI Score
0.0004EPSS