Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

3 xIoT Attacks Companies Aren't Prepared For

A world of increasingly connected devices has created a vast attack surface for sophisticated adversaries.

DARKReading
Open in Source
#mac#microsoft#ddos#dos#intel#backdoor#botnet
SentinelOne sentinelagent 22.3.2.5 Privilege Escalation

SentinelOne sentinelagent version 22.3.2.5 on Linux suffers from a privilege escalation vulnerability due to not use a fully qualified path when calling grep.

San Francisco Rolls Back Its Plan for Killer Robots

After an uproar, the city board voted to rescind last week's bill to allow police to use robots to deliver deadly force. The fight isn't over, but there's a good reason it should be.

py7zr 0.20.0 Directory Traversal

A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr versions 0.20.0 and earlier allows attackers to read arbitrary files on the local machine via a malicious 7z file extraction.

Debian Security Advisory 5296-1

Debian Linux Security Advisory 5296-1 - Robin Peraglie and Johannes Moritz discovered an argument injection bug in the xfce4-mime-helper component of xfce4-settings, which can be exploited using the xdg-open common tool. Since xdg-open is used by multiple standard applications for opening links, this bug could be exploited by an attacker to run arbitrary code on an user machine by providing a malicious PDF file with specifically crafted links.

Microsoft Alerts Cryptocurrency Industry of Targeted Cyber Attacks

Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group. "DEV-0139 joined Telegram groups

New Go-based Zerobot Botnet Exploiting Dozen of IoT Vulnerabilities to Expand its Network

A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. The botnet "contains several modules, including self-replication, attacks for different protocols, and self-propagation," Fortinet FortiGuard Labs researcher Cara Lin said. "It also

ASM Can Fill Gaps While Working to Implement SBOM

If compiling a software bill of materials seems daunting, attack surface management tools can provide many of the benefits.

CVE-2022-41910: Fix OOB write in grappler. · tensorflow/tensorflow@a65411a

TensorFlow is an open source platform for machine learning. The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. We have patched the issue in GitHub commit a65411a1d69edfb16b25907ffb8f73556ce36bb7. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.8.4, 2.9.3, and 2.10.1.