Tag

#mac

XCSSET Malware Updates with Python 3 to Target macOS Monterey Users

The operators of the XCSSET macOS malware have upped the stakes by making iterative improvements that add support for macOS Monterey by upgrading its source code components to Python 3. "The malware authors have changed from hiding the primary executable in a fake Xcode.app in the initial versions in 2020 to a fake Mail.app in 2021 and now to a fake Notes.app in 2022," SentinelOne researchers

The Hacker News

Charming Kitten APT Wields New Scraper to Steal Email Inboxes

Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo, and Microsoft Outlook accounts using previously acquired credentials.

Google flags man as sex abuser after he sends photos of child to doctor

Tech giants are scanning our private files to find predators guilty of sexually abusing children, but they are creating victims of their own. The post appeared first on Malwarebytes Labs.

CVE-2022-25304: Snyk Vulnerability Database | Snyk

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

CVE-2022-25231: Snyk Vulnerability Database | Snyk

The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds V8's memory limit.

CVE-2022-25888: Snyk Vulnerability Database | Snyk

The package opcua from 0.0.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by

CVE-2021-28861: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure.

CVE-2022-33916: Home Page - OPC Foundation

OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]