Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064

The Hacker News
#web#ios#mac#apple#buffer_overflow#asus#zero_day#sap#The Hacker News
A secondhand account of the worst possible timing for a scammer to strike

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines, new Cisco Talos research shows.

Facebook Trains Its AI on Your Data. Opting Out May Be Futile

Here's how to request that your personal information not be used to train Meta's AI model. "Request" is the operative word here.

CVE-2023-4809

In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.

New Chae$4 Malware Steals Login, Financial Data from Businesses

By Habiba Rashid Meet Chae$4 malware: the new and even harder-to-detect variant of the infamous Chaes malware. This is a post from HackRead.com Read the original post: New Chae$4 Malware Steals Login, Financial Data from Businesses

CVE-2023-39362: Authenticated command injection when using SNMP options

Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVE-2023-41508: Patch Notes (Last updated: 25 Aug 2023)

A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel.

The Strange Afterlife of Wagner’s Yevgeny Prigozhin

Posts praising the Wagner Group boss following his death in a mysterious plane crash last month indicate he was still in control of his "troll farm," researchers claim.

Red Hat Security Advisory 2023-4961-01

Red Hat Security Advisory 2023-4961-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-4967-01

Red Hat Security Advisory 2023-4967-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include out of bounds write and use-after-free vulnerabilities.