Tag

#mac

CVE-2022-25231: Snyk Vulnerability Database | Snyk

The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) via a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the V8 memory limit.

CVE-2022-25304: Snyk Vulnerability Database | Snyk

All versions of the packages opcua and asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks, per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

A novel data exfiltration technique has been found to leverage a covert ultrasonic channel to leak sensitive information from isolated, air-gapped computers to a nearby smartphone that doesn't even require a microphone to pick up the sound waves. Dubbed GAIROSCOPE, the adversarial model is the latest addition to a long list of acoustic, electromagnetic, optical, and thermal approaches devised by

CVE-2021-28861: gh-87389: Fix an open redirection vulnerability in http.server. by gpshead · Pull Request #93879 · python/cpython

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py because it does not protect against multiple slashes (/) at the beginning of the URI path, which may lead to information disclosure.

CVE-2022-33916: Home Page - OPC Foundation

OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.

Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities

Hello everyone! In this episode, let’s take a look at the Microsoft Patch Tuesday August 2022 vulnerabilities. I use my Vulristics vulnerability prioritization tool as usual. I take comments for vulnerabilities from Tenable, Qualys, Rapid7, ZDI and Kaspersky blog posts. Also, as usual, I take into account the vulnerabilities added between the July and August […]

Criminals socially engineer their way to bank details with fake arrest warrants

Scammers subject their victims to a whirlwind of emotions so they can achieve their end goal: money. The post Criminals socially engineer their way to bank details with fake arrest warrants appeared first on Malwarebytes Labs.

For Penetration Security Testing, Alternative Cloud Offers Something Others Don't

Alternative cloud providers offer streamlined capabilities for penetration testing, including more accessible tools, easy deployment, and affordable pricing.

TikTok’s In-App Browser Can Monitor Your Activity on External Websites

By Deeba Ahmed. Other iPhone apps using in-app browsers were also tested in the research, but TikTok was the only app to monitor keystrokes. This is a post from HackRead.com. Read the original post: TikTok’s In-App Browser Can Monitor Your Activity on External Websites

Secureworks: How To Distinguish Hype From Reality With AI in SecOps

Secureworks’ Nash Borges describes how his team has applied AI and ML to threat detection.