Microsoft warns of “Dirty Stream” attack impacting Android apps

Microsoft has highlighted a novel attack dubbed “Dirty Stream,” which could allow malicious Android apps to overwrite files in another application’s home directory, potentially leading to arbitrary code execution and secrets theft. The flaw arises from the improper use of Android’s content provider system, which manages access to structured data sets meant to be shared […]

Police shuts down 12 fraud call centres, arrests 21 suspects

Law enforcement shut down 12 phone fraud call centers in Albania, Bosnia and Herzegovina, Kosovo, and Lebanon, behind thousands of scam calls daily. Dozens of German law enforcement officers, aided by hundreds of counterparts from other countries (i.e., Albania, Bosnia and Herzegovina, Kosovo, and Lebanon), carried out numerous raids on April 18, identifying 39 suspects

CISA urges software devs to weed out path traversal vulnerabilities

CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping. Attackers can exploit path traversal vulnerabilities (also known as directory traversal) to create or overwrite critical files used to execute code or bypass security mechanisms like authentication. Such security flaws can also let threat actors

Bitwarden launches new MFA Authenticator app for iOS, Android

Bitwarden has just launched a new multi-factor authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. The app uses time-based one-time passwords (TOTPs) for accounts registered by scanning a QR code to provide users with an extra layer of security during authentication. “By leveraging widely adopted standards such as TOTP, Bitwarden

CEO who sold fake Cisco devices to US military gets 6 years in prison

Onur Aksoy, the CEO of a group of companies controlling multiple online storefronts, was sentenced to six and a half years in prison for selling $100 million worth of counterfeit Cisco network equipment to government, health, education, and military organizations worldwide. The 40-year-old Florida man was arrested in Miami on June 29, 2022, and was

CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Secure by Design Alert, Eliminating Directory Traversal Vulnerabilities in Software. This Alert was crafted in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software—impacting critical infrastructure sectors, including the Healthcare

Delta Electronics DIAEnergie | CISA

1. EXECUTIVE SUMMARY
CVSS v4 9.3
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Delta Electronics
Equipment: DIAEnergie
Vulnerabilities: SQL Injection, Path Traversal
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an authenticated attacker with limited privileges to escalate privileges, retrieve confidential information, upload arbitrary files, backdoor the application, and compromise the system

CISA Releases Three Industrial Control Systems Advisories

CISA released three Industrial Control Systems (ICS) advisories on May 02, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.

CyberPower PowerPanel | CISA

1. EXECUTIVE SUMMARY
CVSS v3 9.8
ATTENTION: Exploitable remotely/Low attack complexity
Vendor: CyberPower
Equipment: PowerPanel
Vulnerabilities: Use of Hard-coded Password, Relative Path Traversal, Use of Hard-coded Credentials, Active Debug Code, Storing Passwords in a Recoverable Format, Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’), Use of Hard-coded Cryptographic Key,

Microsoft says April Windows updates break VPN connections

Microsoft has confirmed that the April 2024 Windows security updates break VPN connections across client and server platforms. The company explains on the Windows health dashboard that “Windows devices might face VPN connection failures after installing the April 2024 security update or the April 2024 non-security preview update.” “We are investigating user reports, and we
