Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Backdoored Counterfeited Android Phones Hacking WhatsApp Accounts

By Deeba Ahmed According to Dr. Web, the backdoor comes pre-installed in Counterfeit Android devices targeting WhatsApp and WhatsApp Business messengers. This is a post from HackRead.com Read the original post: Backdoored Counterfeited Android Phones Hacking WhatsApp Accounts

HackRead
Open in Source
#vulnerability#web#ios#android#backdoor#auth#ibm#sap
New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by

CVE-2021-28861: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.

CVE-2022-38668: Fix stack data disclosure when returning static files smaller than 16KiB by mrozigor · Pull Request #523 · CrowCpp/Crow

HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive data from stack memory when fulfilling a request for a static file smaller than 16 KB.

CVE-2022-38171: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readSymbolDictSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

CVE-2021-36847: Webba Booking: Appointment & Event Booking Calendar Plugin

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.

CVE-2022-35655: Collaboration Center

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting.

CISA wants you to patch these actively exploited vulnerabilities before September 8

Categories: Exploits and vulnerabilities Categories: News CISA updated its catalog of actively exploited vulnerabilities. Make sure you update your software before the due date! (Read more...) The post CISA wants you to patch these actively exploited vulnerabilities before September 8 appeared first on Malwarebytes Labs.

A week in security (August 15 - August 21)

Categories: A week in security Categories: News The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (August 15 - August 21) appeared first on Malwarebytes Labs.

CVE-2022-30036: Pwning a $60,000 Lighting Console in a Few Minutes

MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability.