#ios

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue. "Most Gigabyte firmware includes a Windows

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database.

Papaya Medical Viewer version 1.0 suffers from a cross site scripting vulnerability.

Ubuntu Security Notice 6111-1 - It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information.

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. **Note:** This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).

Researchers have discovered an inexpensive attack technique that could be leveraged to brute-force fingerprints on smartphones to bypass user authentication and seize control of the devices. The approach, dubbed BrutePrint, bypasses limits put in place to counter failed biometric authentication attempts by weaponizing two zero-day vulnerabilities in the smartphone fingerprint authentication (SFA

Categories: News Tags: Cisco Tags: Zyxel Tags: ChatGPT Tags: Malvertising Tags: Apple Tags: Google Tags: insider threat Tags: Pentagon explosion Tags: CISA Tags: ransomware guide Tags: Rheinmetall Tags: BlackBasta Tags: WordPress A list of topics we covered in the week of May 22- 28 of 2023 (Read more...) The post A week in security (May 22-28) appeared first on Malwarebytes Labs.

A critical security vulnerability has been disclosed in the Open Authorization (OAuth) implementation of the application development framework Expo.io. The shortcoming, assigned the CVE identifier CVE-2023-28131, has a severity rating of 9.6 on the CVSS scoring system. API security firm Salt Labs said the issue rendered services using the framework susceptible to credential leakage, which could

An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application