#perl

Categories: News Categories: Personal Tags: MGM resorts Tags: hotel Tags: casino Tags: attack Tags: cyber Tags: shutdown MGM resorts has suffered a major cyberattack leading to shutdowns across the US. (Read more...) The post Major cyberattack leaves MGM Resorts reeling appeared first on Malwarebytes Labs.

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.

Ubuntu Security Notice 6357-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service.

WordPress Slimstat Analytics plugin versions 5.0.9 and below suffer from cross site scripting and remote SQL injection vulnerabilities.

Ubuntu Security Notice 6338-2 - Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the f2fs file system in the Linux kernel, leading to a null pointer dereference vulnerability. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service.

Debian Linux Security Advisory 5492-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Ubuntu Security Notice 6342-2 - Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information. Zheng Zhang discovered that the device-mapper implementation in the Linux kernel did not properly handle locking during table_clear operations. A local attacker could use this to cause a denial of service.

Ubuntu Security Notice 6339-2 - It was discovered that the NTFS file system implementation in the Linux kernel did not properly validate MFT flags in certain situations. An attacker could use this to construct a malicious NTFS image that, when mounted and operated on, could cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 6340-2 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

It was discovered that the IP-VLAN network driver for the Linux kernel did not properly initialize memory in some situations, leading to an out-of- bounds write vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Querijn Voet discovered that a race condition existed in the io_uring subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. Various other vulnerabilities were also discovered and addressed.