#mac

Microsoft zero-days, dark web forum takedowns and Pentagon leaks on Discord in this week's newsletter.

Security researchers are jailbreaking large language models to get around safety rules. Things could get much worse.

Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Categories: Ransomware Categories: Threat Intelligence Cl0p was the most used ransomware in March 2023, dethroning the usual frontrunner LockBit, after breaching over 104 organizations with a zero-day vulnerability. (Read more...) The post Ransomware review: April 2023 appeared first on Malwarebytes Labs.

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3.

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Siemens  Equipment: SCALANCE XCM332  Vulnerabilities: Allocation of Resources Without Limits or Throttling, Use After Free, Concurrent Execution Using Shared Resource with Improper Synchronization ('Race Condition'), Incorrect Default Permissions, Out-of-bounds Write, and Improper Validation of Syntactic Correctness of Input  2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause a denial-of-service condition, code execution, data injection, and allow unauthorized access.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SCALANCE XCM332 (6GK5332-0GA01-2AC2): Versions prior to 2.2  3.2 VULNERABILITY OVERVIEW 3.2.1 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770  In versions of libtirpc prior to 1.3.3rc1, remote attackers could exhaust the file descriptors of a process using libtirpc due to mishandling of idle TC...

1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Exploitable with adjacent access  Vendor: Siemens  Equipment: SCALANCE X-200IRT Devices  Vulnerability: Inadequate Encryption Strength  2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthorized attacker in a machine-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3): All versions prior to V5.5.2  SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3): All versions prior to V5.5.2  SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6): All versions prior to V5.5.2  SCALANCE X202-2IRT (6GK5202-2BB00-2BA3): All versions prior to V5.5.2  SCALANCE X202-2IRT (6GK5202-2BB10-2BA3): All versions prior to V5.5.2  SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3): All versions prior to V5.5.2  SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA...

1. EXECUTIVE SUMMARY CVSS v3 6.2 ATTENTION: Low attack complexity   Vendor: Siemens Equipment: Adaptec maxView Application Vulnerability: Exposure of Sensitive Information to an Unauthorized Actor  2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to decrypt intercepted local traffic between the browser and the application. A local attacker could perform a machine-in-the-middle attack to modify data in transit.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following software from Siemens is affected:  SIMATIC IPC1047: All versions   SIMATIC IPC1047E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows  SIMATIC IPC647D: All versions  SIMATIC IPC647E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows  SIMATIC IPC847D: All versions  SIMATIC IPC847E: All versions with Adaptec maxView Storage Manager prior to 4.09.00.25611 on Windows  3.2 VULNERABILITY OVERVIEW 3.2.1 EXPOSURE OF S...

The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the Indian education sector using a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include the education

The North Korean threat actor known as the Lazarus Group has been observed shifting its focus and rapidly evolving its tools and tactics as part of a long-running activity called DeathNote. While the nation-state adversary is known for its persistent attacks on the cryptocurrency sector, it has also targeted automotive, academic, and defense sectors in Eastern Europe and other parts of the world