Read Time:9 Second
Cybercriminals have adopted a novel trick for infecting devices with malware: sending out physical letters that contain malicious QR codes.
Read more in my article on the Hot for Security blog.
Monthly Archives: November 2024
Suspected Phobos Ransomware Admin Extradited to US
Read Time:5 Second
A Russian national suspected of involvement in Phobos ransomware has appeared in court in the US
Companies Take Over Seven Months to Recover From Cyber Incidents
Read Time:5 Second
Fastly claims global organizations are taking 25% longer than expected to recover from security incidents
mingw-python-waitress-2.1.2-7.fc40
Read Time:8 Second
FEDORA-2024-5abfdba2b7
Packages in this update:
mingw-python-waitress-2.1.2-7.fc40
Update description:
Backport fixes for CVE-2024-49768 and CVE-2024-49769.
python-aiohttp-3.9.5-2.el9
Read Time:7 Second
FEDORA-EPEL-2024-7ac44bd3cc
Packages in this update:
python-aiohttp-3.9.5-2.el9
Update description:
Security fix for CVE-2024-52304
python-aiohttp-3.9.5-2.fc39
Read Time:7 Second
FEDORA-2024-8c3c0913dc
Packages in this update:
python-aiohttp-3.9.5-2.fc39
Update description:
Security fix for CVE-2024-52304
ZDI-24-1531: RSA Security SecureID Software Token for Microsoft Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability
Read Time:15 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of RSA Security SecureID Software Token for Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
ZDI-24-1528: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability
Read Time:18 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-10204.
ZDI-24-1529: Dassault Systèmes eDrawings Viewer X_B File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:18 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-10204.
ZDI-24-1530: WordPress Core maybe_unserialize Deserialization of Untrusted Data Remote Code Execution Vulnerability
Read Time:14 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of WordPress Core. Authentication may be required to exploit this vulnerability, depending on the product configuration. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-31210.