Read Time:3 Second
Which? wants banks to improve customer outreach and security
Monthly Archives: May 2023
Malicious HTML Attachment Volumes Surge
US Authorities Dismantle Dark Web “Card Checking” Platform
USN-6055-1: Ruby vulnerabilities
Read Time:21 Second
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2023-28755)
It was discovered that Ruby incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause a denial of service.
This issue is being addressed only for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2023-28756)
Apple and Google join forces to combat AirTag stalking
Read Time:11 Second
Apple and Google have announced that they are teaming up in order to combat the safety risks associated with AirTags and other tracking devices.
Read more in my article on the Hot for Security blog.
ZDI-23-537: D-Link DAP-1360 Hardcoded Credentials Authentication Bypass Vulnerability
Read Time:8 Second
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.
ZDI-23-538: D-Link DAP-1360 Multiple Parameters Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Read Time:8 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability.
ZDI-23-539: D-Link DIR-2640 LocalIPAddress Command Injection Remote Code Execution Vulnerability
Read Time:10 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-23-540: D-Link DIR-2640 HNAP PrivateLogin Authentication Bypass Vulnerability
Read Time:8 Second
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.
ZDI-23-541: D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:8 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability.