Tag
#intel
Categories: News Tags: Microsoft. MSA Tags: OWA Tags: validation token Tags: signing key Tags: Storm-0556 Tags: GetAccessTokensForResource Due to a validation error in Microsoft code, a suspected Chinese attacker was able to access user email from approximately 25 organizations, including government agencies. (Read more...) The post Microsoft validation error allowed state actor to access user email of government agencies and others appeared first on Malwarebytes Labs.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU.
A bill to prevent cops and spies from buying Americans’ data instead of getting a warrant has a fighting chance in the US Congress as lawmakers team up against surveillance overreach.
By Habiba Rashid The news was initially reported by The Standard and German news magazine Der Spiegel, who claim the data leak is authentic. This is a post from HackRead.com Read the original post: VirusTotal Data Leak Exposes User Info, Including Intel Agencies’ Data
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of passwords and other data exposed in countless data breaches. KrebsOnSecurity has learned that the owner of Defiant Tech, a 32-year-old Ontario man named Jordan Evan Bloom, was hired in late 2014 as a developer for the marital infidelity site AshleyMadison.com. Bloom resigned from AshleyMadison citing health reasons in June 2015 -- less than one month before unidentified hackers stole data on 37 million users -- and launched LeakedSource three months later.
Ubuntu Security Notice 6234-1 - Hangyu Hua discovered that the Flower classifier implementation in the Linux kernel contained an out-of-bounds write vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that for some Intel processors the INVLPG instruction implementation did not properly flush global TLB entries when PCIDs are enabled. An attacker could use this to expose sensitive information or possibly cause undesired behaviors.
Ubuntu Security Notice 6235-1 - It was discovered that the NTFS file system implementation in the Linux kernel contained a null pointer dereference in some situations. A local attacker could use this to cause a denial of service. Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information.
Red Hat Security Advisory 2023-4130-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4137-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include out of bounds access and use-after-free vulnerabilities.