#amazon

P2M pool freeing may take excessively long The P2M pool backing second level address translation for guests may be of significant size. Therefore its freeing may take more time than is reasonable without intermediate preemption checks. Such checking for the need to preempt was so far missing.

Categories: News Tags: smart light system Tags: light bulb Tags: IoT Tags: Internet of Things Tags: compromise Tags: CVE In 2022, even our light bulbs have CVEs (Read more...) The post Smart lights vulnerable to "blink and you'll miss it" attack appeared first on Malwarebytes Labs.

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

A new executive order tries to reassure Europeans that their data is safe on US soil, despite government surveillance.

By Waqas Bitcoin network’s most prosperous blockchain DeFiChain is a decentralized proof-of-stake platform created as a hard fork to enable… This is a post from HackRead.com Read the original post: World’s Leading Blockchain DeFiChain Announces Adding Four New dTokens

Research suggests that automation can cut down on cloud control plane compromises

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)

By Waqas The hacker group is called ZINC, and its primary targets are organizations in the aerospace, media, IT services, and defense sectors. This is a post from HackRead.com Read the original post: NK Hackers Lacing Legit Software with Malware

Ubuntu Security Notice 5650-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.