Security
Headlines
HeadlinesLatestCVEs

Tag

#bios

Taiwanese PC Company MSI Falls Victim to Ransomware Attack

Taiwanese PC company MSI (short for Micro-Star International) officially confirmed it was the victim of a cyber attack on its systems. The company said it "promptly" initiated incident response and recovery measures after detecting "network anomalies." It also said it alerted law enforcement agencies of the matter. That said, MSI did not disclose any specifics about when the attack took place

The Hacker News
#web#ios#bios#acer#The Hacker News
New Money Message Ransomware Gang Hits MSI, Threatens of Data Leak

By Waqas The Money Message ransomware group has reportedly demanded a ransom of $4 million from MSI. This is a post from HackRead.com Read the original post: New Money Message Ransomware Gang Hits MSI, Threatens of Data Leak

CVE-2023-1582: Re: [stable-5.15 PATCH] fs/proc: task_mmu.c: don't read mapcount for migration entry

A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.

CVE-2023-27167

Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.

Suprema BioStar 2 2.8.16 SQL Injection

Suprema BioStar 2 version 2.8.16 suffers from a remote SQL injection vulnerability.

CVE-2023-28866: [PATCH] Bluetooth: HCI: Fix global-out-of-bounds

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.

CVE-2023-0590: [PATCH net] net: sched: fix race condition in qdisc_graft()

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected.

CVE-2022-48424

In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.

CVE-2023-1390: tipc: fix NULL deref in tipc_link_xmit() · torvalds/linux@b774134

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.

CVE-2023-24571: DSA-2023-046: Dell Client Platform Security Update for BIOS Vulnerabilities

Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.