#zero_day

A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.

By Deeba Ahmed This year's Pwn2Own 2023 was held in Vancouver between March 22nd and 24th, 2023. This is a post from HackRead.com Read the original post: Pwn2Own 2023: Tesla Model 3, Windows 11, Ubuntu and more Pwned

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

Open source software continues to pose a challenge for companies. With the proper security practices, you can reduce your open source risk and manage it.

Facebook users are notoriously the biggest offenders for sharing fake news and misinformation.

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity  Vendor: Schneider Electric  Equipment: IGSS (Interactive Graphical SCADA System)   Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity, Deserialization of Untrusted Data, Improper Limitation of a Pathname to a Restricted Directory, and Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in a denial-of-service condition, as well as the loss, addition, or modification of dashboards or report files in the IGSS Report folder. Successful exploitation of these vulnerabilities could also allow remote code execution, potentially resulting in loss of control of the supervisory control and data acquisition (SCADA) System with IGSS running in production mode. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports these vulnerabilities affect the following Data Server, Dashboard and Cu...

Categories: News Tags: ATM Tags: bitcoin Tags: cryptocurrency Tags: wallet Tags: hot Tags: cold Tags: 0 day Tags: zero day We look at a $1.5m heist of cryptocurrency via compromised Bitcoin ATMs. (Read more...) The post Zero-day spells disaster for Bitcoin ATM appeared first on Malwarebytes Labs.

Op[4]'s firmware security platform detects, prioritizes, and remediates exploitable vulnerabilities in Internet of Things and embedded systems.

Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.