Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

CVE-2021-4028: LKML: Greg Kroah-Hartman: [PATCH 5.10 22/93] RDMA/cma: Do not change route.addr.src_addr.ss_family

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

CVE
Open in Source
#ios#google#linux#bios
Binance chief says a “sophisticated hacking team” turned him into a deepfake hologram

Categories: News Tags: Deepfake Tags: fake Tags: binance Tags: cryptocurrency Tags: Linkedin Tags: scam Tags: Zoom Tags: meeting Tags: call Tags: fake We take a look at reports of a Deepfake hologram getting up to no good in bogus cryptocurrency Zoom calls. (Read more...) The post Binance chief says a “sophisticated hacking team” turned him into a deepfake hologram appeared first on Malwarebytes Labs.

Proofpoint Introduces a Smarter Way to Stay Compliant with New Intelligent Compliance Platform

Integrated solution offers enterprises modern regulatory compliance safeguards while simplifying corporate legal protection practices.

CVE-2021-3690: [UNDERTOW-1935] buffer leak on incoming websocket PONG message

A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.

CVE-2022-34658: Download Manager

Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.

Backdoored Counterfeited Android Phones Hacking WhatsApp Accounts

By Deeba Ahmed According to Dr. Web, the backdoor comes pre-installed in Counterfeit Android devices targeting WhatsApp and WhatsApp Business messengers. This is a post from HackRead.com Read the original post: Backdoored Counterfeited Android Phones Hacking WhatsApp Accounts

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by

CVE-2021-28861: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of URI path which may leads to information disclosure.

CVE-2022-38668: Fix stack data disclosure when returning static files smaller than 16KiB by mrozigor · Pull Request #523 · CrowCpp/Crow

HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive data from stack memory when fulfilling a request for a static file smaller than 16 KB.

CVE-2022-38171: A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readSymbolDictSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).