‼ CVE-2023-30660 ‼
via "National Vulnerability Database".
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
‼ CVE-2023-30642 ‼
via "National Vulnerability Database".
Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.
‼ CVE-2023-30677 ‼
via "National Vulnerability Database".
Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.
‼ CVE-2023-30674 ‼
via "National Vulnerability Database".
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.
‼ CVE-2023-30658 ‼
via "National Vulnerability Database".
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
‼ CVE-2023-30678 ‼
via "National Vulnerability Database".
Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.
🛠 Capstone 5.0 🛠
via "Packet Storm Security".
Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
🛠 Zeek 6.0.0 🛠
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
📢 Iranian hackers targeted nuclear expert, ported Windows infection chain to Mac in a week 📢
via "ITPro".
Fresh research demonstrates the sophistication and capability of state-sponsored threat actors to compromise diverse targets
‼ CVE-2023-26138 ‼
via "National Vulnerability Database".
All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.
‼ CVE-2023-26137 ‼
via "National Vulnerability Database".
All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.
📢 NCSC neutralizes fewer cyber crime campaigns for first time in six years 📢
via "ITPro".
Drop in takedowns may be due to short lifetimes of extortion email servers and crypto scams
‼ CVE-2023-3523 ‼
via "National Vulnerability Database".
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.
⚠ Firefox 115 is out, says farewell to older Windows and Mac users ⚠
via "Naked Security".
No zero-days this month, so you're patching to stay ahead, not merely to catch up!
🕴 6 Steps To Outsmart Business Email Compromise Scammers 🕴
via "Dark Reading".
Email fraud is a confidence game that costs the economy billions. An effective defense takes technology and vigilance.
‼ CVE-2022-48514 ‼
via "National Vulnerability Database".
The Sepolicy module has inappropriate permission control on the use of Netlink. Successful exploitation of this vulnerability may affect confidentiality.
‼ CVE-2022-48518 ‼
via "National Vulnerability Database".
Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.
‼ CVE-2021-46894 ‼
via "National Vulnerability Database".
Use After Free (UAF) vulnerability in the uinput module. Successful exploitation of this vulnerability may lead to kernel privilege escalation.
‼ CVE-2022-48512 ‼
via "National Vulnerability Database".
Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.
‼ CVE-2023-37241 ‼
via "National Vulnerability Database".
Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.
‼ CVE-2022-48515 ‼
via "National Vulnerability Database".
Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.