Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Google reveals spyware attack on Android, iOS, and Chrome

By Habiba Rashid Google's Threat Analysis Group (TAG) labeled the spyware campaign as limited but highly targeted. This is a post from HackRead.com Read the original post: Google reveals spyware attack on Android, iOS, and Chrome

HackRead
Open in Source
#vulnerability#web#ios#android#google#microsoft#c++#asus#samsung#zero_day#chrome#firefox
Mélofée: The Latest Malware Targeting Linux Servers

By Deeba Ahmed An unidentified Chinese APT group is suspected of operating the Mélofée malware. This is a post from HackRead.com Read the original post: Mélofée: The Latest Malware Targeting Linux Servers

How to Hide Tables in SQL Server Management Studio

By Owais Sultan SQL Server Management Studio (SSMS) is a software application developed by Microsoft that is used for configuring, managing,… This is a post from HackRead.com Read the original post: How to Hide Tables in SQL Server Management Studio

CVE-2022-36975

This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.

CVE-2022-37012

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_SecureListener_ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-16927.

CVE-2023-27167

Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

How Good Smile, a Major Toy Company, Kept 4chan Online

Documents obtained by WIRED confirm that Good Smile, which licenses toy production for Disney, was an investor in the controversial image board.

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These

Guidance on Potential Misconfiguration of Authorization of Multi-Tenant Applications that use Azure AD

Summary Summary Microsoft has addressed an authorization misconfiguration for multi-tenant applications that use Azure AD, initially discovered by Wiz, and reported to Microsoft, that impacted a small number of our internal applications. The misconfiguration allowed external parties read and write access to the impacted applications. Microsoft immediately corrected the misconfiguration and added additional authorization checks to address the issue and confirmed that no unintended access had occurred.