
Tag

#apple

CVE-2023-27217: ‘FriendlyName’ Buffer Overflow Vulnerability in Wemo Smart Plug V2 | Sternum

A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.

Rebinding Attacks Persist With Spotty Browser Defenses

DNS rebinding attacks are not often seen in the wild, which is one reason why browser makers have taken a slower approach to adopting the web security standard.

Apple Boots a Half-Million Developers From Official App Store

The mobile phone and MacBook giant also rejected nearly 1.7 million app submissions last year in an effort to root out malware and fraud.

CVE-2023-31903: OffSec’s Exploit Database Archive

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.

CVE-2023-31904: OffSec’s Exploit Database Archive

savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.

ChatGPT Scams Are Infiltrating Apple's App Store and Google Play

An explosion of interest in OpenAI’s sophisticated chatbot means a proliferation of “fleeceware” apps that trick users with sneaky in-app subscriptions.

Announcing The BlueHat Podcast: Listen and Subscribe Now!

Available today on all major podcast platforms is The BlueHat Podcast, a new series of security research focused conversations, continuing the themes from the BlueHat 2023 conference (session recordings available to watch here). Since 2005, BlueHat has been where the security research community, and Microsoft, come together as peers: to debate, discuss, share, challenge, celebrate and learn.

Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyberattacks

Cyberattackers can easily exploit a command-injection bug in the popular device, but Belkin has no plans to address the security vulnerability.

Attackers Target macOS With 'Geacon' Cobalt Strike Tool

Threat actors seen using Go-language implementation of the red-teaming tool on Intel and Apple silicon-based macOS systems.

RHSA-2023:3136: Red Hat Security Advisory: java-1.8.0-ibm security update

An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-21426: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated...