News

Hacker leaks upcoming episodes of Netflix shows online following security breach

August 22, 2024

Read Time:12 Second

A production partner of Netflix has suffered a serious security breach which has resulted in yet-to-be-released episodes of popular shows to be leaked online.

Read more in my article on the Hot for Security blog.

News

Over 100,000 Oregon Zoo visitors warned that their payment card details were stolen in security breach

August 22, 2024

Read Time:12 Second

Cybercriminals have succeeded in stealing the payment card information from over 110,000 animal lovers over several months after meddling with Oregon Zoo’s online ticket payment system.

Read more in my article on the Hot for Security blog.

News

Security Flaws in UK Political Party Donation Platforms Exposed

August 22, 2024

Read Time:8 Second

The donation websites of the UK’s seven major political parties are missing critical security features to protect the accounts of donors, according to DataDome

News

Novel Android Malware Steals Card NFC Data For ATM Withdrawals

August 22, 2024

Read Time:5 Second

ESET claims new NGate Android malware relays NFC data to steal card details for ATM cash-out

News

Backdoor in Mifare Smart Cards Could Open Doors Around the World

August 22, 2024

Read Time:4 Second

Quarklabs researchers claim millions of contactless key cards could be cloned via a backdoor

Advisories

ZDI-24-1161: Linux Kernel vmwgfx Driver Out-Of-Bounds Read Information Disclosure Vulnerability

August 22, 2024

Read Time:17 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of Linux Kernel. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are assigned: CVE-2024-36960.

Advisories

ZDI-24-1162: Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

August 22, 2024

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-5579.

Advisories

ZDI-24-1163: Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

August 22, 2024

Read Time:12 Second

Advisories

ZDI-24-1164: Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability

August 22, 2024

Read Time:12 Second

Advisories

ZDI-24-1165: Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability

August 22, 2024

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30372.

Cyber Security News

Daily Archives: August 22, 2024

Hacker leaks upcoming episodes of Netflix shows online following security breach

Over 100,000 Oregon Zoo visitors warned that their payment card details were stolen in security breach

Security Flaws in UK Political Party Donation Platforms Exposed

Novel Android Malware Steals Card NFC Data For ATM Withdrawals

Backdoor in Mifare Smart Cards Could Open Doors Around the World

ZDI-24-1161: Linux Kernel vmwgfx Driver Out-Of-Bounds Read Information Disclosure Vulnerability

ZDI-24-1162: Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

ZDI-24-1163: Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability

ZDI-24-1164: Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability

ZDI-24-1165: Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability

News, Advisories and much more