
Tag

#google

CVE-2023-31082: BUG: sleeping function called from invalid context in __might_resched

An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.

Fake Flipper Zero sellers are after your money

Flipper Zero units are being sold on sites not recognized by developers. Stay away! The post Fake Flipper Zero sellers are after your money appeared first on Malwarebytes Labs.

Adult content malvertising scheme leads to clickjacking

Malwarebytes' researchers have discovered a malvertising scheme that uses adult lures for clickjacking purposes. The post Adult content malvertising scheme leads to clickjacking appeared first on Malwarebytes Labs.

CVE-2023-23827: WordPress Google Maps v3 Shortcode plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin <= 1.2.1 versions.

CVE-2023-22698: WordPress Theme Blvd Responsive Google Maps plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions.

Criminals Are Using Tiny Devices to Hack and Steal Cars

Apple thwarts NSO’s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more.

Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach

Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows:

- CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability
- CVE-2023-27350 (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control

Threat Roundup for April 14 to April 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 14 and April 21. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2023-30618: Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform v7.0.0

Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.