Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-39257: Upgrade now to address E2EE vulnerabilities in matrix-js-sdk, matrix-ios-sdk and matrix-android-sdk2 | Matrix.org

Matrix iOS SDK allows developers to build iOS apps compatible with Matrix. Prior to version 0.23.19, an attacker cooperating with a malicious homeserver can construct messages appearing to have come from another person. Such messages will be marked with a grey shield on some platforms, but this may be missing in others. This attack is possible due to the matrix-ios-sdk implementing a too permissive key forwarding strategy. The default policy for accepting key forwards has been made more strict in the matrix-ios-sdk version 0.23.19. matrix-ios-sdk will now only accept forwarded keys in response to previously issued requests and only from own, verified devices. The SDK now sets a `trusted` flag on the decrypted message upon decryption, based on whether the key used to decrypt the message was received from a trusted source. Clients need to ensure that messages decrypted with a key with `trusted = false` are decorated appropriately (for example, by showing a warning for such messages). Thi...

CVE
Open in Source
#vulnerability#web#ios#android#mac#js#auth#sap
The Race to Find the Nord Stream Saboteurs

Damage to the pipeline that runs between Russia and Germany is being treated as deliberate. Finding out what happened may not be straightforward.

CVE-2022-38934: Some arbitrary address read vulnerabilities in readelf · Issue #244 · klange/toaruos

readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file.

Chaos Malware Resurfaces With All-New DDoS & Cryptomining Modules

The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.

Mobile Mouse Remote Code Execution

This Metasploit module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password (default). Tested against 3.6.0.4, the current version at the time of module writing.

Illumio Introduces New Solution to Stop Endpoint Ransomware from Spreading Across the Hybrid Attack Surface

Illumio Endpoint extends zero trust segmentation to see risk and set policy across macOS and Windows devices.

CVE-2022-40083: vulnerability: open redirect in static handler · Issue #2259 · labstack/echo

Labstack Echo v4.8.0 was discovered to contain an open redirect vulnerability via the Static Handler component. This vulnerability can be leveraged by attackers to cause a Server-Side Request Forgery (SSRF).

When Will Cybersecurity Get Its Bloomberg Terminal?

The "single pane of glass" that gathers and correlates all the information security professionals need doesn't exist, so it's up to us to create it.