Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Predator spyware vendor banned in US

The US Treasury Department has sanctioned Predator spyware vendor Intellexa Consortium, and banned the company from doing business in the US.

Malwarebytes
Open in Source
#ios#android#mac#intel#asus#sap
Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited.

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW

Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239140 Let’s start with my open source projects. Vulremi A simple vulnerability remediation utility, Vulremi, now has a logo and […]

RT-Thread RTOS 5.0.2 Overflows / Weak Random Source

RT-Thread RTOS versions 5.0.2 and below suffer from multiple buffer overflows, a weak random source in rt_random driver, and various other vulnerabilities.

Researchers Test Zero-click Worms that Exploit Generative AI Apps

By Waqas Researchers have created computer worms with self-propagation capabilities that target GenAI applications. This is a post from HackRead.com Read the original post: Researchers Test Zero-click Worms that Exploit Generative AI Apps

Pegasus spyware creator ordered to reveal code used to spy on WhatsApp users

Meta has won a court case against spyware vendor NSO Group to reveal the Pegasus spyware code that allows spying on WhatsApp users.

CryptoChameleon Phishing Scam Targets Crypto Users and FCC Employees

By Deeba Ahmed Lookout urges crypto users to be on the lookout of the new and tricky phishing campaign. This is a post from HackRead.com Read the original post: CryptoChameleon Phishing Scam Targets Crypto Users and FCC Employees

GHSA-9vx6-7xxf-x967: OpenZeppelin Contracts base64 encoding may read from potentially dirty memory

### Impact The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. Although the `encode` function pads the output for these cases, up to 4 bits of data are kept between the encoding and padding, corrupting the output if these bits were dirty (i.e. memory after the input is not 0). These conditions are more frequent in the following scenarios: - A `bytes memory` struct is allocated just after the input and the first bytes of it are non-zero. - The memory pointer is set to a non-empty memory location before allocating the input. Developers should evaluate whether the extra bits can be maliciously manipulated by an attacker. ### Patches Upgrade to 5.0.2 or 4.9.6. ### References This issue was reported by the Independent Security Researcher Riley Holterhus through Immunefi (@rileyholterhus on X)

Here Are the Google and Microsoft Security Updates You Need Right Now

Plus: Mozilla patches 12 flaws in Firefox, Zoom fixes seven vulnerabilities, and more critical updates from February.