Read Time:7 Second
The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile.
A Vulnerability in SonicWall SonicOS Management Access and SSLVPN Could Allow for Unauthorized Resource Access
Read Time:23 Second
A vulnerability has been discovered in SonicWall SonicOS Management Access and SSLVPN, which could allow for unauthorized resource access and in specific conditions, causing the firewall to crash. SonicOS is SonicWall’s operating system designed for their firewalls and other security devices. Successful exploitation of the most severe of these vulnerabilities could allow for unauthorized access on the system. Depending on the privileges associated with the system, an attacker could then; view, change, or delete data.
YubiKey Side-Channel Attack
Read Time:15 Second
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment.
Still, nice piece of security analysis.
ruby-3.3.5-14.fc41
Read Time:6 Second
FEDORA-2024-cfcd6258fa
Packages in this update:
ruby-3.3.5-14.fc41
Update description:
Upgrade to Ruby 3.3.5.
Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions
Read Time:8 Second
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found
openjpeg-2.5.2-4.fc41
Read Time:6 Second
FEDORA-2024-3ecdf562bf
Packages in this update:
openjpeg-2.5.2-4.fc41
Update description:
Backport fix for CVE-2023-39327.
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
Read Time:6 Second
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally
clamav-1.0.7-1.el8
Read Time:26 Second
FEDORA-EPEL-2024-cef1a533b1
Packages in this update:
clamav-1.0.7-1.el8
Update description:
Update to 1.0.7
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
[SYSS-2024-030]: C-MOR Video Surveillance – OS Command Injection (CWE-78)
Read Time:19 Second
Posted by Matthias Deeg via Fulldisclosure on Sep 05
Advisory ID: SYSS-2024-030
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public Disclosure: 2024-09-04…
[SYSS-2024-029]: C-MOR Video Surveillance – Dependency on Vulnerable Third-Party Component (CWE-1395)
Read Time:17 Second
Posted by Matthias Deeg via Fulldisclosure on Sep 05
Advisory ID: SYSS-2024-029
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401
Tested Version(s): 5.2401
Vulnerability Type: Dependency on Vulnerable Third-Party
Component (CWE-1395)
Use of Unmaintained Third Party Components
(CWE-1104)
Risk Level: High
Solution Status: Fixed…