#amazon

### Impact A potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to: * Deserialize Ion text encoded data, or * Deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. Impacted versions: <1.10.5 ### Patches The patch is included in `ion-java` >= 1.10.5. ### Workarounds Do not load data which originated from an untrusted source or that could have been tampered with. **Only load data you trust.** ---- If you have any questions or comments about this advisory, we ask that you contact AWS/Amazon Security via our vulnerability reporting page [1] or directly via email to [[email protected]](mailto:[email protected]). Please do not create a public Git...

By Waqas Despite Google's proactive removal of these apps, the threat persists through third-party markets, compromising over 327,000 devices globally. This is a post from HackRead.com Read the original post: New Xamalicious Backdoor Infects 25 Android Apps, Affects 327K Devices

By Waqas The targeted victim of this data breach is Fallon Ambulance Services, which is a subsidiary of Transformative Healthcare. This is a post from HackRead.com Read the original post: Defunct Ambulance Service Data Breach Impacts Nearly 1 Million People

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.

Online scams abound every day, but these four scams from 2023 were particularly devious.

By Deeba Ahmed From Teen Prodigy to Cybercriminal: The Fall of a Lapsus$ Gang Member and the Dangers of the Online Underworld. This is a post from HackRead.com Read the original post: GTA 6 Hacker from Lapsus$ Gang Sentenced to Hospital

I tried to sell a futon on Facebook Marketplace and nearly all I got were scammers.

### Impact Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the`buildEndpoint` method in the `RestSerializer` component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 `UriResolver` utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. Versions of the AWS SDK for PHP v3 before 3.288.1 are affected by this issue. ### Patches Upgrade to the AWS SDK for PHP >= 3.288.1, if you are on version < 3.288.1. ### References RFC 3986 - [https://datatracker.ietf.org/doc/html/rfc3986](https://datatracker.ietf.org/doc/html/rfc3986#section-5.2.4) ### For more information If you have any questions or comments about this advisory, please contact [AWS's Security team](mailto:[email protected]).

By Waqas But the gang may already be back with a new domain. This is a post from HackRead.com Read the original post: FBI Seizes Dark Web Domain of Blackcat – ALPHV Ransomware

Plus: Apple tightens anti-theft protections, Chinese hackers penetrate US critical infrastructure, and the long-running rumor of eavesdropping phones crystallizes into more than an urban legend.