Tag
#mac
1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity Vendor: Siemens Equipment: Adaptec maxView Application Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to decrypt intercepted local traffic between the browser and the application. A local attacker could perform a machine-in-the-middle attack to modify data in transit. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected: SIMATIC IPC1047: All versions SIMATIC IPC1047E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows SIMATIC IPC647D: All versions SIMATIC IPC647E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows SIMATIC IPC847D: All versions SIMATIC IPC847E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows 3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF S...
The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the Indian education sector using a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include the education
The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running activity called DeathNote. While the nation-state adversary is known for its persistent attacks on the cryptocurrency sector, it has also targeted automotive, academic, and defense sectors in Eastern Europe and other parts of the world
Tools like ChatGPT aren't making social engineering attacks any more effective, but it does make it faster for actors to write up phishing emails.
<drupal-media data-align="center" data-entity-type="media" data-entity-uuid="86dcee13-494e-41e0-a1ed-419306586e5d"></drupal-media> <h3>What are Confidential Containers?</h3> <p><strong><a href="https://github.com/confidential-containers">Confidential Containers</a></strong> (CoCo) is a new sandbox project of the <a href="https://www.cncf.io/">Cloud Native Comput
InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Usually focused on going after cryptocurrency organizations, the threat actor has begun targeting defense companies around the world.
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.