CVE-2016-1203


Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed.


USN-6461-1: Linux kernel (OEM) vulnerabilities


Yu Hao discovered that the UBI driver in the Linux kernel did not properly
check for MTD with zero erasesize during device attachment. A local
privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-31085)

Marek Marczykowski-Górecki discovered that the Xen event channel
infrastructure implementation in the Linux kernel contained a race
condition. An attacker in a guest VM could possibly use this to cause a
denial of service (paravirtualized device unavailability). (CVE-2023-34324)

Lucas Leong discovered that the netfilter subsystem in the Linux kernel did
not properly validate some attributes passed from userspace. A local
attacker could use this to cause a denial of service (system crash) or
possibly expose sensitive information (kernel memory). (CVE-2023-39189)

Bien Pham discovered that the netfilter subsystem in the Linux kernel
contained a race condition, leading to a use-after-free vulnerability. A
local user could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-4244)

Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did
not properly handle socket buffers (skb) when performing IP routing in
certain circumstances, leading to a null pointer dereference vulnerability.
A privileged attacker could use this to cause a denial of service (system
crash). (CVE-2023-42754)

It was discovered that the Quick Fair Queueing scheduler implementation in
the Linux kernel did not properly handle network packets in certain
conditions, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-4921)

It was discovered that the SMB network file sharing protocol implementation
in the Linux kernel did not properly handle certain error conditions,
leading to a use-after-free vulnerability. A local attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-5345)


CVE-2022-3007


** UNSUPPORTED WHEN ASSIGNED ** The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth.

Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device.


The Future of Drone Warfare


Ukraine is using $400 drones to destroy tanks:

Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a Russian tank worth more than $2 million.

[…]

A typical FPV weighs up to one kilogram, has four small engines, a battery, a frame and a camera connected wirelessly to goggles worn by a pilot operating it remotely. It can carry up to 2.5 kilograms of explosives and strike a target at a speed of up to 150 kilometers per hour, explains Pavlo Tsybenko, acting director of the Dronarium military academy outside Kyiv.

“This drone costs up to $400 and can be made anywhere. We made ours using microchips imported from China and details we bought on AliExpress. We made the carbon frame ourselves. And, yeah, the batteries are from Tesla. One car has like 1,100 batteries that can be used to power these little guys,” Tsybenko told POLITICO on a recent visit, showing the custom-made FPV drones used by the academy to train future drone pilots.

“It is almost impossible to shoot it down,” he said. “Only a net can help. And I predict that soon we will have to put up such nets above our cities, or at least government buildings, all over Europe.”

Science fiction authors have been writing about drone swarms for decades. Now they are reality. Tanks today. Soon it will be ships (probably with more expensive drones). Feels like this will be a major change in warfare.


CVE-2015-2968


LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.


CVE-2015-0897


LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.


Protect yourself against digital draculas this Halloween: Avoid AI-driven cyber trickery


The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

As Cybersecurity Awareness Month winds down and you prepare for Halloween festivities like trick-or-treating and pumpkin carving, don’t forget to protect against real-world monsters: artificial intelligence-driven cyber threats. Here are a few steps that may help ward off such threats, much as garlic protects against Dracula; taking these precautions may keep the real monsters at bay!

1. Be wary of dubious emails

Poor language and spelling were once clear indicators that something was amiss with an email, but thanks to artificial intelligence, fraudsters can now send messages that appear authentic, as if authored by actual individuals, yet contain harmful links or attachments carrying malicious software code. Be wary of any email that requests sensitive data or seems too good to be true. Do not open links or download anything until you are certain that the sender can be confirmed as reliable.

2. Be wary of deep fake scams

Imagine having an online conversation with the ghost of one of your closest friends who sounded exactly the same; that is what deep fakes are like, and AI makes them even more convincing. Deep fakes are a form of social engineering in which scammers pose as trusted contacts to lure victims into divulging personal or financial data or conducting transactions. Any time someone requests personal details online, it is best practice to check their identity before providing personal data or making financial transactions.

3. Don’t let imitators scare you

Some forms of artificial intelligence can mimic human voices convincingly, letting con artists appear legitimate by pretending to be a loved one or to represent an organization such as a bank, and inducing you to hand over information or money. If anyone calls and requests personal details from you, hang up immediately and check with the company's main line to be certain the caller was legitimate before providing anything at all.

4. Be wary of chatbots or messages sent via artificial intelligence (AI)

Scammers use chatbots and automated systems such as AI to pose as legitimate businesses, then send you requests for sensitive data such as credit card details. Whenever you receive a request that appears suspicious, investigate further by first verifying who sent it.

5. Maintain a healthy mistrust and curiosity

You should remain cautious of online offers and messages in much the same way you might question whether that haunted house really exists. Stay vigilant in seeking knowledge about online safety: many organizations now provide courses designed to teach us to recognize phishing scams more quickly, and equipping ourselves with that information may help us better defend against online scams.

While AI is providing unprecedented opportunities, it is also increasing the severity of cyber risks. You may have a more secure time online if you take precautions, learn as much as you can, and make use of security technologies powered by artificial intelligence. You may avoid falling for AI-powered cyber pranks by exercising the same caution you would when collecting candy from strangers on Halloween. Sending best wishes on this spooky holiday.

Please have a look at my Halloween blog from last year.
