Security
Headlines
HeadlinesLatestCVEs

Tag

#samsung

CVE-2022-39830: mTower/fwinfogen.c at 18f4b592a8a973ce5972f4e2658ea0f6e3686284 · Samsung/mTower

sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.

CVE
Open in Source
#mac#dos#apache#samsung#auth#ssl
Samsung Admits Data Breach that Exposed Details of Some U.S. Customers

South Korean chaebol Samsung on Friday said it experienced a cybersecurity incident that resulted in the unauthorized access of some customer information, the second time this year it has reported such a breach. "In late July 2022, an unauthorized third-party acquired information from some of Samsung's U.S. systems," the company disclosed in a notice. "On or around August 4, 2022, we determined

CVE-2021-44718: wolfSSL Security Vulnerabilities | wolfSSL Embedded SSL/TLS Library

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.

CVE-2022-36622: mTower/tee_svc.c at 18f4b592a8a973ce5972f4e2658ea0f6e3686284 · Samsung/mTower

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.

CVE-2022-36621: mTower/tee_api_objects.c at 18f4b592a8a973ce5972f4e2658ea0f6e3686284 · Samsung/mTower

Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by

Xiaomi Phone Bug Allowed Payment Forgery

Mobile transactions could’ve been disabled, created and signed by attackers.

CVE-2020-23622: CVE-2020-12695: CallStranger Vulnerability in Universal Plug and Play (UPnP) Puts Billions of Devices At Risk

** UNSUPPORTED WHEN ASSIGNED ** An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header.

Cisco Confirms Network Breach After Employee’s Google Account was Hacked

By Deeba Ahmed Cisco has confirmed that its security was successfully breached by Yanluowang Ransomware Gang in May 2022. Networking giant… This is a post from HackRead.com Read the original post: Cisco Confirms Network Breach After Employee’s Google Account was Hacked