Aggregator

Submit #644373 / VDB-316981

A vulnerability described as critical has been identified in Samsung Smart Phone. The affected element is an unknown function of the component Telephony Framework. Executing manipulation can lead to improper access controls. This vulnerability appears as CVE-2023-21487. The attack requires local access. There is no available exploit. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Samsung Smart Phone. The impacted element is an unknown function of the component Tips. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2023-21488. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Samsung Smart Phone and classified as problematic. Impacted is the function VideoPreviewActivity of the component Call Setting Handler. The manipulation leads to improper export of android application components. This vulnerability is referenced as CVE-2023-21485. It is possible to launch the attack on the physical device. No exploit is available. To fix this issue, it is recommended to deploy a patch.

A vulnerability was found in Samsung Smart Phone and classified as problematic. The affected element is the function ImagePreviewActivity of the component Call Setting Handler. The manipulation results in improper export of android application components. This vulnerability is identified as CVE-2023-21486. An attack on the physical device is feasible. There is not any exploit available. It is advisable to implement a patch to correct this issue.

The newly emerged worm has spread across hundreds of open source software packages, stealing credentials and infecting other components without much direct attacker input.

A vulnerability labeled as critical has been found in Samsung Smart Phone. This issue affects some unknown processing of the component AppLock. Such manipulation leads to improper access controls. This vulnerability is documented as CVE-2023-21484. The attack needs to be performed locally. There is not any exploit available. The affected component should be upgraded.

A vulnerability, which was classified as critical, has been found in jeecg-boot up to 3.5.3. This vulnerability affects unknown code of the file /testConnection. This manipulation causes path traversal. This vulnerability is registered as CVE-2023-41578. The attack requires access to the local network. No exploit is available.

A vulnerability identified as critical has been detected in Samsung BixbyTouch 2.2.00.6. This vulnerability affects unknown code. Performing manipulation results in improper access controls. This vulnerability is identified as CVE-2023-21465. The attack is only possible with local access. There is not any exploit available. You should upgrade the affected component.

Series C Funding to Drive R&D, Fuel Vision for End-to-End Compliance Capabilities
Texas-based fraud detection startup Seon closed an $80 million Series C funding round to support its shift toward an all-in-one AML and KYC compliance platform powered by AI, as it pursues aggressive international expansion and deeper product integration.

Steganography, Mobile Marketing Attribution, Code Obfuscation Deployed for Ad Fraud
A cybercrime crew using Android mobile apps to conduct advertising fraud took unusual pains to hide its activity, concealing malicious code in downloadable digital images and holding off from infecting the subset of users who organically found their apps through the Google Play store.

Recent, Targeted Attacks Suggest Undercut Group's Claimed 'Going Dark' Retirement
Elements of the notorious ransomware collective lately calling itself Scattered Lapsus$ Hunters appear to be targeting fresh victims, including a U.S. banking organization if not the sector at large, despite a member of the group claiming it would be "going dark" and retiring.

Economic Losses of Carmaker, Suppliers Piling Up
British auto manufacturer Jaguar Land Rover will extend a production pause until late September as it enters its third week of contending with a cyber incident that forced it to shut down assembly lines across the globe.

A global survey of 1,025 IT and security professionals finds that while organizations experienced an average of 2.17 cloud breaches over the past 18 months, only 8% were categorized as severe. At the same time, however, with the rise of artificial intelligence (AI) there may be more significant challenges ahead. More than half of respondents..

The post Survey Surfaces Rising Number of AI Security Incidents appeared first on Security Boulevard.

The contentious hearing focused on other subjects, but lawmakers still had cyber questions and accusations for the head of the bureau.

The post Senators, FBI Director Patel clash over cyber division personnel, arrests appeared first on CyberScoop.

Researchers say the commercial adtech platform and several other companies form the infrastructure of a massive cybercrime operation.

万户OA代码审计与0day挖掘

A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry. The worm has been dubbed “Shai-hulud” as it steals credentials from victims who run a compromised package and publishes them in a public GitHub repository which contains the name. The worm also uses npm authentication tokens stolen from the victims to perpetuate the cycle of infection and compromise, and compromised GitHub … More →

The post Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack appeared first on Help Net Security.