#zero_day

Analysis of the traffic between networked devices has always been of interest since devices could even communicate with one another.  As the complexity of networks grew, the more useful dedicated traffic analysis tools became. Major advancements have been made over the years with tools like Snort or Wireshark, but

Meta has won a court case against spyware vendor NSO Group to reveal the Pegasus spyware code that allows spying on WhatsApp users.

### Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. ### Patches The algorithm to detect SQL injection has been improved. ### Workarounds None. ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2 - https://github.com/parse-community/parse-server/releases/tag/6.5.0 (fixed in Parse Server 6) - https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20 (fixed in Parse Server 7 alpha release) ### Credits - Mikhail Shcherbakov (https://twitter.com/yu5k3) working with Trend Micro Zero Day Initiative (finder) - Ehsan Persania (remediation developer) - Manuel Trezza (coordinator)

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Delta Electronics products are affected: CNCSoft-B: Versions 1.0.0.4 and prior 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. CVE-2024-1941 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Taiwan 3.4 RESEARCHER Natnael Samson (@NattiS...

The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an attacker to gain SYSTEM privileges. It was resolved by Microsoft earlier this month as part

By Deeba Ahmed Russian hackers, part of Russia’s Main Intelligence Directorate of the General Staff, are using compromised Ubiquiti EdgeRouters to… This is a post from HackRead.com Read the original post: FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation

Fake news, disinformation, misinformation – whatever label you want to put on it – will not just go away if one election in the U.S. goes one way or the other.

By Waqas Another day, another Apple Security Vulnerability! This is a post from HackRead.com Read the original post: Apple Shortcuts Vulnerability Exposes Sensitive Data, Update Now!

By Deeba Ahmed Email servers compromised in 80 organizations as Russian-linked TAG-70 group targets European governments. This is a post from HackRead.com Read the original post: Russian Hackers Hit Mail Servers in Europe for Political and Military Intel

There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes.