Mandiant research details how Chinese espionage groups are deploying new tools post-exploitation of recently patched Ivanti vulnerabilities
Daily Archives: April 5, 2024
Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft
Wiz researchers found architecture flaws in generative AI models available on the AI hub Hugging Face
Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed
It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol:
On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations.
The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and if known the attacker’s identity.
This time frame is significant because in 2018, the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC, issued several security best practices to prevent network intrusions and unauthorized location tracking.
China Using AI-Generated Content to Sow Division in US, Microsoft Finds
A Microsoft report found that China-affiliated actors are publishing AI-generated content on social media to amplify controversial domestic issues in the US
A Vulnerability in Broadcom Brocade Fabric OS Could Allow for Arbitrary Code Execution
A vulnerability has been discovered in Broadcom Brocade Fabric OS that could allow for arbitrary code execution. Broadcom Brocade Fabric OS is the storage area networking firmware for Brocade Communications Systems’ Fibre Channel switch and Fibre Channel directors. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged-on user or allow an attacker to obtain root-level privileges. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
chromium-123.0.6312.105-1.el7
FEDORA-EPEL-2024-3cb841c5f0
Packages in this update:
chromium-123.0.6312.105-1.el7
Update description:
update to 123.0.6312.105
High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8
chromium-123.0.6312.105-1.el9
FEDORA-EPEL-2024-7bc0a1d338
Packages in this update:
chromium-123.0.6312.105-1.el9
Update description:
update to 123.0.6312.105
High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8
chromium-123.0.6312.105-1.el8
FEDORA-EPEL-2024-fe061342ca
Packages in this update:
chromium-123.0.6312.105-1.el8
Update description:
update to 123.0.6312.105
High CVE-2024-3156: Inappropriate implementation in V8
High CVE-2024-3158: Use after free in Bookmarks
High CVE-2024-3159: Out of bounds memory access in V8