Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Ubuntu Security Notice USN-5917-1

Ubuntu Security Notice 5917-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code.

Packet Storm
Open in Source
#vulnerability#web#android#google#microsoft#amazon#ubuntu#linux#dos#oracle#intel#perl#vmware#aws#buffer_overflow
New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access trojan dubbed HiatusRAT and a variant of tcpdump that makes it possible to capture packet capture on

Intel CPU vulnerabilities fixed. But should you update?

Categories: Exploits and vulnerabilities Categories: News Tags: CVE-2022-21123 Tags: CVE-2022-21125 Tags: CVE-2022-21127 Tags: CVE-2022-21166 Tags: Intel Tags: VMs Tags: microcode Microsoft has released out of band updates for information disclosure vulnerabilities in Intel CPUs, but who needs them? (Read more...) The post Intel CPU vulnerabilities fixed. But should you update? appeared first on Malwarebytes Labs.

How to use Confidential Containers without confidential hardware

<p>The <a href="https://github.com/confidential-containers">Confidential Containers</a> (CoCo) project aims to implement a cloud-native solution for confidential computing using the most advanced <a href="https://en.wikipedia.org/wiki/Trusted_execution_environment">trusted execution environments</a> (TEE) technologies available from hardware vendors like AMD, IBM and Intel. Recently, the first release of the project (<a href="https://github.com/confidential-containers/docum

A Privacy Hero's Final Wish: An Institute to Redirect AI's Future

Peter Eckersley did groundbreaking work to encrypt the web. After his sudden death, a new organization he founded is carrying out his vision to steer artificial intelligence toward “human flourishing.”

The LastPass Hack Somehow Gets Worse

Plus: The US Marshals disclose a “major” cybersecurity incident, T-Mobile has gotten pwned so much, and more.

Rapid7 Brings Threat Intel Data to USF Cybersecurity Lab

The Rapid7 Cyber Threat Intelligence Laboratory at the University of South Florida will provide data on real-world threats for faculty and students to use in their research.

Threat Roundup (Feb. 24 - March 3)

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Feb. 24 and March 3. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

3 Ways Security Teams Can Use IP Data Context

Innocently or not, residential proxy networks can obscure the actual geolocation of an access point. Here's why that's not great and what you can do about it.

CVE-2023-20062: Cisco Security Advisory: Cisco Unified Intelligence Center Vulnerabilities

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.