#ios

SimpleXMQ before 3.4.0, as used in SimpleX Chat before 4.2, does not apply a key derivation function to intended data, which can interfere with forward secrecy and can have other impacts if there is a compromise of a single private key. This occurs in the X3DH key exchange for the double ratchet protocol.

Military veterans tend to have the kind of skills that would make them effective cybersecurity professionals, but making the transition is not that easy.

Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds.

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695.

Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.

Bug emerges from ambition to find ‘end-to-end exploits beyond DoS’

Two long-running surveillance campaigns have been found targeting the Uyghur community in China and elsewhere with Android spyware tools designed to harvest sensitive information and track their whereabouts. This encompasses a previously undocumented malware strain called BadBazaar and updated variants of an espionage artifact dubbed MOONSHINE by researchers from the University of Toronto's

It's no secret that antivirus software is as essential to your computer as a power cord. However, the threats don't stop at your devices. For example, criminals trying to steal your data can attack your Wi-Fi router, and phishing attempts can target your email.  ESET's latest consumer product release takes a comprehensive approach to security to guard against a full range of threats. All are

### Description Moby is the open source Linux container runtime and set of components used to build a variety of downstream container runtimes, including Docker CE, Mirantis Container Runtime (formerly Docker EE), and Docker Desktop. Moby allows for building container images using a set of build instructions (usually named and referred to as a "Dockerfile"), and a build context, which is not unlike the CWD in which the Dockerfile instructions are executed. Containers may be built using a variety of tools and build backends available in the Moby ecosystem; in all cases, builds may not include files outside of the build context (such as using absolute or relative-parent paths). This is enforced through both checks in the build backends, and the containerization of the build process itself. Versions of Git where CVE-2022-39253 is present and exploited by a malicious repository, when used in combination with Moby, are subject to an unexpected inclusion of arbitrary filesystem paths in t...