#asus

Categories: Android Categories: News Tags: Samsung Tags: message guard Tags: sandbox Tags: zero-click exploit Tags: images Tags: attachments Samsung has announced the introduction of Message Guard protection against zero-click exploits for the Samsung Galaxy S23 series. (Read more...) The post Samsung adds Message Guard protection against zero-click exploits appeared first on Malwarebytes Labs.

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component (CVE-2023-23520) that could enable a malicious actor to read arbitrary files as root. The iPhone maker said it addressed the issue with additional validation. The two other vulnerabilities,

By Deeba Ahmed The bugs allowed cybercriminals to bypass the iOS system's security protections and execute unauthorized code. This is a post from HackRead.com Read the original post: Apple Bug Could Allow Attackers Access to Photos and Messages

Security researchers found a class of flaws that, if exploited, would allow an attacker to access people’s messages, photos, and call history.

By Deeba Ahmed Samsung Message Guard is a new feature that protects users against zero-click attacks, including those appearing from messaging apps. This is a post from HackRead.com Read the original post: New Samsung Message Guard protects users against Zero-Click attacks

By Deeba Ahmed The cyber attack took place on Tuesday, February 14th evening, which forced the SAS Airlines' website and app to go offline and be inaccessible to passengers. This is a post from HackRead.com Read the original post: SAS Airlines Hit by Cyber Attack

ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.

DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081.

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string)[^1]. The metric instruments do not "forget" previous measurement attributes when `cumulative` temporality is used, this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue.

Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations.