#mac

savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.

A financially motivated cyber actor has been observed abusing Microsoft Azure Serial Console on virtual machines (VMs) to install third-party remote management tools within compromised environments. Google-owned Mandiant attributed the activity to a threat group it tracks under the name UNC3944, which is also known as Roasted 0ktapus and Scattered Spider. "This method of attack was unique in

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software.

Categories: News Categories: Ransomware Tags: PharMerica Tags: Money Message Tags: ransomware Tags: PII Tags: SSN US pharmacy giant PharMerica has reported a cybersecurity incident that affects over 5.8 million people. The data theft has been claimed by ransomware group Money Message. (Read more...) The post PharMerica breach impacts almost 6 million people appeared first on Malwarebytes Labs.

The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter.

Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours.

Threat actors seen using Go-language implementation of the red-teaming tool on Intel and Apple silicon-based macOS systems.

Partnership will provide SAP customers with comprehensive exposure management capabilities and in-depth visibility of attack surfaces.

An update for libreswan is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-2295: A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI...

This article focuses on a weakness in the Telegram application on macOS that allows for the injection of a Dynamic Library (or Dylib for short). The article will cover several basic concepts in macOS to provide the relevant background that will help the reader understand the process of identifying the weakness and writing an exploit that will gain a local privilege escalation by getting access to the camera through the permissions that were previously granted to the Telegram application.