Aggregator

A vulnerability classified as problematic has been found in Linux Kernel up to 6.1.58/6.5.6. This affects an unknown part of the component mana. The manipulation leads to injection. This vulnerability is uniquely identified as CVE-2023-52532. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.8.1. It has been declared as critical. Affected by this vulnerability is the function usbtv_video_free of the component Media. The manipulation leads to deadlock. This vulnerability is known as CVE-2024-27072. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel and classified as critical. Affected by this issue is the function snd_usb_pcm_has_fixed_rate of the component ALSA. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2023-52904. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.90/6.6.30/6.8.9. It has been rated as critical. Affected by this issue is the function typec_register_partner. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2024-36893. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.86/6.8.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Bluetooth. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-35965. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel. This vulnerability affects unknown code of the file drivers/gpu/vmxgfx/vmxgfx_execbuf.c of the component vmwgfx Driver. The manipulation leads to null pointer dereference. This vulnerability was named CVE-2022-38096. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Linux Kernel up to 5.10.201/5.15.139/6.1.63/6.5.12/6.6.2. It has been classified as critical. Affected is the function versatile_panel_get_modes. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2023-52821. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

ProductsFor Enterprises(B2B)

英国保护儿童防止其浏览色情内容的 Online Safety Act 将于 2025 年 3 月 16 日生效。该法律要求平台扫描儿童色情内容，对非法或合法但“有害”的内容采取行动，未履行义务的平台将面临最高 1800 万英镑或其年营业额 10% 的罚款，取数字较高的一个。运营着数百个论坛的服务商 Microcosm 宣布将在法律生效当天停止运营，数百个论坛将会下线。Microcosm 表示无法遵守法案的冗长要求，认为法案创造了“过高的个人责任”。

英国保护儿童防止其浏览色情内容的 Online Safety Act 将于 2025 年 3 月 16 日生效。该法律要求平台扫描儿童色情内容，对非法或合法但“有害”的内容采取行动，未履行

本周，互联网网络安全态势整体评价为良。

2024年12月18日，深瞳漏洞实验室监测到一则Apache-Tomcat组件存在代码执行漏洞的信息，漏洞编号：CVE-2024-50379，漏洞威胁等级：严重。

漏洞名称：Tomcat 远程代码执行漏洞(CVE-2024-50379)组件名称：Apache Tomcat影响范围：9.0.0.M1 ≤ Apache Tomcat < 9.0.9810.1.0-M

Последствия утечки данных становятся всё более масштабными.

Appdome announced that the Appdome Mobile Defense Platform now protects applications running on mobile-enabled platforms like Apple macOS, Apple visionOS, Meta Quest, HarmonyOS Next, Android Auto, Apple CarPlay, Android TV, Apple TV, and Google Play Games for PC. Emerging mobile platforms such as virtual reality (VR) headsets, wearables, TV streaming, automotive operating systems, as well as augmented reality (AR) devices, are experiencing explosive growth, with markets projected to expand at compound annual growth rates (CAGR) … More →

The post Appdome protects applications running on mobile-enabled platforms appeared first on Help Net Security.

BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.

Attackers are ingeniously exploiting Google Calendar and Google Drawings in phishing campaigns, targeting unsuspecting individuals and organizations. Leveraging the inherent trust in Google’s widely used tools, cybercriminals are successfully deceiving users into revealing sensitive information and compromising their accounts. Google Calendar: A Trusted Tool Turned Target Google Calendar, a widely used scheduling tool with over […]

The post Cybercriminals Exploit Google Calendar and Drawings in Phishing Campaigns appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

INTERPOL is calling for a linguistic shift that aims to put to an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming