Read Time:7 Second
Kaspersky “poses an undue or unacceptable risk to national security,” according to the US Commerce Department’s Bureau of Industry and Security
Ross Anderson’s Memorial Service
Read Time:8 Second
The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. (The passcode is “L3954FrrEF”.)
Synnovis Attackers Publish NHS Patient Data Online
Read Time:6 Second
Ransomware group Qilin has reportedly published nearly 400GB of data stolen following the attack on NHS provider Synnovis in early June
mingw-poppler-24.02.0-2.fc40
Read Time:7 Second
FEDORA-2024-94068499c9
Packages in this update:
mingw-poppler-24.02.0-2.fc40
Update description:
Backport fix for CVE-2024-6239.
mingw-python-urllib3-1.26.19-1.fc40
Read Time:8 Second
FEDORA-2024-da86a4f061
Packages in this update:
mingw-python-urllib3-1.26.19-1.fc40
Update description:
Update to 1.26.19, fixes CVE-2024-0444.
mingw-python-urllib3-1.26.19-1.fc39
Read Time:8 Second
FEDORA-2024-73f181db2a
Packages in this update:
mingw-python-urllib3-1.26.19-1.fc39
Update description:
Update to 1.26.19, fixes CVE-2024-0444.
Microsoft leak of PlayReady developer / Warbird libs
Read Time:22 Second
Posted by Security Explorations on Jun 21
Hello All,
On Jun 11, 2024 Microsoft engineer posted on a public forum
information about a crash experienced with Apple TV service on a
Surface Pro 9 device [1].
The post had an attachment – a 771MB file (4GB unpacked), which leaked
internal code (260+ files [2]) pertaining to Microsoft PlayReady such
as the following:
– Warbird configuration for building PlayReady library
– Warbird library implementing code obfuscation functionality
– static…
ZDI-24-862: (Pwn2Own) Phoenix Contact CHARX SEC-3100 MQTT Protocol JSON Parsing Buffer Overflow Remote Code Execution Vulnerability
Read Time:14 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-26001.
ZDI-24-863: (Pwn2Own) Phoenix Contact CHARX SEC-3100 plctool Improper Privilege Management Local Privilege Escalation Vulnerability
Read Time:18 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-26002.
ZDI-24-864: (Pwn2Own) Phoenix Contact CHARX SEC-3100 OCPP Protocol UpdateFirmware Command Injection Remote Code Execution Vulnerability
Read Time:14 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-25998.