Daily Archives: September 18, 2023

Advisories

USN-6377-1: LibRaw vulnerability

Read Time:13 Second

It was discovered that LibRaw incorrectly handled certain photo files. If a
user o automated system were tricked into processing a specially crafted
photo file, a remote attacker could possibly cause applications linked
against LibRaw to crash, resulting in a denial of service.

Read More

News

Using Hacked LastPass Keys to Steal Cryptocurrency

Read Time:34 Second

Remember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

Well, they’re now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet.

That’s a really profitable hack. (It’s also bad opsec. The hackers need to move and launder all that money quickly.)

Look, I know that online password databases are more convenient. But they’re also risky. This is why my Password Safe is local only. (I know this sounds like a commercial, but Password Safe is not a commercial product.)

Read More

Advisories

SEC Consult SA-20230918-0 :: Authenticated Remote Code Execution and Missing Authentication in Atos Unify OpenScape

Read Time:15 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20230918-0 >
=======================================================================
title: Authenticated Remote Code Execution and
Missing Authentication
product: Atos Unify OpenScape Session Border Controller
Atos Unify OpenScape Branch
Atos Unify OpenScape BCF
vulnerable version: OpenScape SBC…

Read More

Advisories

SEC Consult SA-20230829-0 :: Reflected Cross-Site Scripting (XSS) in PTC – Codebeamer (ALM Solution)

Read Time:20 Second

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 18

SEC Consult Vulnerability Lab Security Advisory < 20230829-0 >
=======================================================================
title: Reflected Cross-Site Scripting (XSS)
product: PTC – Codebeamer (ALM Solution)
vulnerable version: <=22.10-SP7, <=22.04-SP5, <=21.09-SP13
fixed version: >=22.10-SP8, >=22.04-SP6, >=21.09-SP14
CVE number: CVE-2023-4296…

Read More

Advisories

APPLE-SA-2023-09-11-3 macOS Big Sur 11.7.10

Read Time:25 Second

Posted by Apple Product Security via Fulldisclosure on Sep 18

APPLE-SA-2023-09-11-3 macOS Big Sur 11.7.10

macOS Big Sur 11.7.10 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213915.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code…

Read More

Advisories

APPLE-SA-2023-09-11-2 macOS Monterey 12.6.9

Read Time:24 Second

Posted by Apple Product Security via Fulldisclosure on Sep 18

APPLE-SA-2023-09-11-2 macOS Monterey 12.6.9

macOS Monterey 12.6.9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/kb/HT213914.

Apple maintains a Security Updates page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may lead to arbitrary…

Read More