Tag
" Hello pervert" sextortion mails keep adding new features to their email to increase credibility and urge victims to pay
This article provides an in-depth analysis of two kernel vulnerabilities within the Mali GPU, reachable from the default application sandbox, which the researcher independently identified and reported to Google. It includes a kernel exploit that achieves arbitrary kernel r/w capabilities. Consequently, it disables SELinux and elevates privileges to root on Google Pixel 7 and 8 Pro models.
With the elections at full throttle we are seeing several types of scams resurfacing and undoubtedly more will come
Online Travel Agency System version 1.0 suffers from a remote shell upload vulnerability.
Tourism Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Google has released its monthly security updates for the Android operating system to address a known security flaw that it said has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-32896 (CVSS score: 7.8), relates to a case of privilege escalation in the Android Framework component. According to the description of the bug in the NIST National
A new malware campaign is spoofing Palo Alto Networks' GlobalProtect VPN software to deliver a variant of the WikiLoader (aka WailingCrab) loader by means of a search engine optimization (SEO) campaign. The malvertising activity, observed in June 2024, is a departure from previously observed tactics wherein the malware has been propagated via traditional phishing emails, Unit 42 researchers
### Impact Versions of `actions/download-artifact` before 4.1.7 are vulnerable to arbitrary file write when downloading and extracting a specifically crafted artifact that contains path traversal filenames. ### Patches Upgrade to version 4.1.7 or higher. Alternatively use 'v4' tag which points to the latest and secure version. ### References - https://snyk.io/research/zip-slip-vulnerability - https://github.com/actions/download-artifact/releases/tag/v4.1.7 ### CVE CVE-2024-42471 ### Credits Justin Taft from Google
### Impact Versions of `actions/artifact` before 2.1.7 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. ### Patches Upgrade to version 2.1.7 or higher. ### References - https://snyk.io/research/zip-slip-vulnerability - https://github.com/actions/toolkit/pull/1724 ### CVE CVE-2024-42471 ### Credits Justin Taft from Google
An old but persistent email scam known as "sextortion" has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target's home in a bid to make threats about publishing the videos more frightening and convincing.