Multiple vulnerabilities have been discovered in Siemens InterMesh Subscriber Devices, the most severe of which could allow for remote code execution. InterMesh leverages mesh radio technology and hardened alarm monitoring panels to create a private, self-healing network that delivers alarm signals. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.
Daily Archives: October 29, 2024
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
xorg-x11-server-Xwayland-23.2.7-2.fc39
FEDORA-2024-cc2c07317b
Packages in this update:
xorg-x11-server-Xwayland-23.2.7-2.fc39
Update description:
CVE fix for CVE-2024-9632
xorg-x11-server-Xwayland-24.1.4-1.fc40
FEDORA-2024-275a45a146
Packages in this update:
xorg-x11-server-Xwayland-24.1.4-1.fc40
Update description:
xwayland 24.1.4 – CVE fix for CVE-2024-9632
xorg-x11-server-Xwayland-24.1.4-1.fc41
FEDORA-2024-80c8f31c55
Packages in this update:
xorg-x11-server-Xwayland-24.1.4-1.fc41
Update description:
xwayland 24.1.4 – CVE fix for CVE-2024-9632
New LightSpy Spyware Targets iOS with Enhanced Capabilities
ThreatFabric researchers have discovered significant updates to the LightSpy spyware, featuring plugins designed to interfere with device functionality
Chenlun’s Evolving Phishing Tactics Target Trusted Brands
The phishing campaign targeted users via texts impersonating Amazon, linked to the threat actor Chenlun
USN-7084-1: urllib3 vulnerability
It was discovered that urllib3 didn’t strip HTTP Proxy-Authorization header
on cross-origin redirects. A remote attacker could possibly use this issue
to obtain sensitive information.
The AI Fix #22: Probing AI tongues and ASCII smuggling attacks
In episode 22 of “The AI Fix”, our hosts encounter a bowl of buttermilk king crab ice cream prepared by a baby hippo, a TV station finds an even better way to generate programme ideas than using a tank full of manatees, and Elon Musk does the world’s most expensive Blade Runner cosplay.
Graham discovers a robot tongue and ponders the implications of AIs with an appetite, and Mark explains ASCII smuggling — a prompt injection attack that uses completely invisible characters.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.
Law Enforcement Operation Takes Down Redline and Meta Infostealers
Operation Magnus took down infrastructure used to run the Redline and Meta infostealers, widely used tools in cybercriminal activities