Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Urgent: Microsoft Issues Patches for 97 Flaws, Including Active Ransomware Exploit

It's the second Tuesday of the month, and Microsoft has released another set of security updates to fix a total of 97 flaws impacting its software, one of which has been actively exploited in ransomware attacks in the wild. Seven of the 97 bugs are rated Critical and 90 are rated Important in severity. Interestingly, 45 of the shortcomings are remote code execution flaws, followed by 20

The Hacker News
Open in Source
#vulnerability#web#android#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#dos#apache#git#oracle#rce#samba#lenovo#amd#samsung#auth#ibm#dell#zero_day#chrome#firefox#sap#The Hacker News
Lazarus Sub-Group Labyrinth Chollima Uncovered as Mastermind in 3CX Supply Chain Attack

Enterprise communications service provider 3CX confirmed that the supply chain attack targeting its desktop application for Windows and macOS was the handiwork of a threat actor with North Korean nexus. The findings are the result of an interim assessment conducted by Google-owned Mandiant, whose services were enlisted after the intrusion came to light late last month. The threat intelligence

QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks

By Habiba Rashid Citizens Lab and Microsoft have exposed an Israeli firm, QuaDream, selling spyware to governments around the world. This is a post from HackRead.com Read the original post: QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks

CVE-2023-26554: ntp-4.2.8p15-cves/CVE-2023-26554 at main · spwpun/ntp-4.2.8p15-cves

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

CVE-2023-26552: ntp-4.2.8p15-cves/CVE-2023-26552 at main · spwpun/ntp-4.2.8p15-cves

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

CVE-2023-26553: ntp-4.2.8p15-cves/CVE-2023-26553 at main · spwpun/ntp-4.2.8p15-cves

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

CVE-2023-26551: ntp-4.2.8p15-cves/CVE-2023-26551 at main · spwpun/ntp-4.2.8p15-cves

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.

CVE-2023-26555: ntp-4.2.8p15-cves/CVE-2023-26555 at main · spwpun/ntp-4.2.8p15-cves

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.

GHSA-7hj9-rv74-5g92: Traefik HTTP header parsing could cause a denial of service

### Impact There is a vulnerability in [Go when parsing the HTTP headers](https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJ), which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. ### References - [CVE-2023-24534](https://www.cve.org/CVERecord?id=CVE-2023-24534) ### Patches - https://github.com/traefik/traefik/releases/tag/v2.9.10 - https://github.com/traefik/traefik/releases/tag/v2.10.0-rc2 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).