News

Looking Glass Cyber
    Malware Patrol SecList
    • A cryptor, a stealer and a banking trojan
      In this report, we share our latest crimeware findings: the ASMCrypt cryptor/loader related to DoubleFinger, a new Lumma stealer and a new version of Zanubis Android banking trojan.
    securingtomorrow.mcafee.com
      Quick Heal Threat Post Naked Security Security Affairs

      Security Awareness Tips of the week

        Exploits

        Last 20 Website Defacements - Zone-h

          Advisories

          Symantec Packet Stoem Security

          • Gentoo Linux Security Advisory 202310-01 Mon, 02 Oct 2023 15:09:41 GMT
            Gentoo Linux Security Advisory 202310-1 - Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. Versions greater than or equal to 0.103.7 are affected.
          • Debian Security Advisory 5512-1 Mon, 02 Oct 2023 15:09:26 GMT
            Debian Linux Security Advisory 5512-1 - Several vulnerabilities were discovered in Exim, a mail transport agent, which could result in remote code execution if the EXTERNAL or SPA/NTLM authenticators are used.
          • Debian Security Advisory 5511-1 Mon, 02 Oct 2023 15:09:11 GMT
            Debian Linux Security Advisory 5511-1 - Several security vulnerabilities have been discovered in mosquitto, a MQTT compatible message broker, which may be abused for a denial of service attack.
          • Gentoo Linux Security Advisory 202309-17 Mon, 02 Oct 2023 15:05:50 GMT
            Gentoo Linux Security Advisory 202309-17 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions greater than or equal to 113.0.5672.126 are affected.
          • Gentoo Linux Security Advisory 202309-16 Mon, 02 Oct 2023 15:05:35 GMT
            Gentoo Linux Security Advisory 202309-16 - Multiple vulnerabilities have been discovered in wpa_supplicant and hostapd, the worst of which could result in arbitrary code execution. Versions greater than or equal to 2.10 are affected.
          • Debian Security Advisory 5510-1 Mon, 02 Oct 2023 15:05:13 GMT
            Debian Linux Security Advisory 5510-1 - Clement Lecigne discovered a heap-based buffer overflow in libvpx, a multimedia library for the VP8 and VP9 video codecs, which may result in the execution of arbitrary code if a specially crafted VP8 media stream is processed.
          • Gentoo Linux Security Advisory 202309-15 Mon, 02 Oct 2023 14:59:38 GMT
            Gentoo Linux Security Advisory 202309-15 - Multiple vulnerabilities have been found in GNU Binutils, the worst of which could result in denial of service. Versions greater than or equal to 2.40 are affected.
          • Debian Security Advisory 5509-1 Mon, 02 Oct 2023 14:59:18 GMT
            Debian Linux Security Advisory 5509-1 - A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
          • Debian Security Advisory 5508-1 Mon, 02 Oct 2023 14:58:59 GMT
            Debian Linux Security Advisory 5508-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
          • Red Hat Security Advisory 2023-5407-01 Mon, 02 Oct 2023 14:58:37 GMT
            Red Hat Security Advisory 2023-5407-01 - OpenShift GitOps KAM OpenShift GitOps Kubernetes Application Manager CLI tool. Issues addressed include a denial of service vulnerability.
          • Ubuntu Security Notice USN-6386-2 Fri, 29 Sep 2023 14:41:41 GMT
            Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle L2CAP socket release, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
          • Gentoo Linux Security Advisory 202309-14 Fri, 29 Sep 2023 14:41:12 GMT
            Gentoo Linux Security Advisory 202309-14 - Multiple vulnerabilities have been found in libarchive, the worst of which could result in denial of service. Versions greater than or equal to 3.7.1 are affected.
          • Gentoo Linux Security Advisory 202309-13 Fri, 29 Sep 2023 14:41:03 GMT
            Gentoo Linux Security Advisory 202309-13 - A buffer overflow vulnerability has been found in GMP which could result in denial of service. Versions greater than or equal to 6.2.1-r2 are affected.
          • Gentoo Linux Security Advisory 202309-12 Fri, 29 Sep 2023 14:40:55 GMT
            Gentoo Linux Security Advisory 202309-12 - Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege escalation. Versions greater than or equal to 1.9.13_p2 are affected.
          • Gentoo Linux Security Advisory 202309-11 Fri, 29 Sep 2023 14:40:47 GMT
            Gentoo Linux Security Advisory 202309-11 - Multiple vulnerabilities have been found in libsndfile, the worst of which could result in arbitrary code execution. Versions greater than or equal to 1.1.0 are affected.
          • Gentoo Linux Security Advisory 202309-10 Fri, 29 Sep 2023 14:40:40 GMT
            Gentoo Linux Security Advisory 202309-10 - A vulnerability was discovered in Fish when handling git repository configuration that may lead to execution of arbitrary code Versions greater than or equal to 3.4.0 are affected.
          • Gentoo Linux Security Advisory 202309-09 Fri, 29 Sep 2023 14:40:33 GMT
            Gentoo Linux Security Advisory 202309-9 - Multiple vulnerabilities have been found in Pacemaker, the worst of which could result in root privilege escalation. Versions greater than or equal to 2.0.5_rc2 are affected.
          • Debian Security Advisory 5507-1 Fri, 29 Sep 2023 14:40:27 GMT
            Debian Linux Security Advisory 5507-1 - Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine.
          • Red Hat Security Advisory 2023-5405-01 Fri, 29 Sep 2023 14:40:21 GMT
            Red Hat Security Advisory 2023-5405-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow and code execution vulnerabilities.
          • Debian Security Advisory 5506-1 Fri, 29 Sep 2023 14:40:14 GMT
            Debian Linux Security Advisory 5506-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code
          • Red Hat Security Advisory 2023-5396-01 Thu, 28 Sep 2023 16:26:59 GMT
            Red Hat Security Advisory 2023-5396-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and enhancements. Issues addressed include a denial of service vulnerability.
          • Ubuntu Security Notice USN-6369-2 Thu, 28 Sep 2023 16:26:39 GMT
            Ubuntu Security Notice 6369-2 - USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.
          • Red Hat Security Advisory 2023-5379-01 Thu, 28 Sep 2023 16:24:08 GMT
            Red Hat Security Advisory 2023-5379-01 - Network Observability 1.4.0. Issues addressed include a denial of service vulnerability.
          • Ubuntu Security Notice USN-6400-1 Thu, 28 Sep 2023 16:23:42 GMT
            Ubuntu Security Notice 6400-1 - It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information.
          • Red Hat Security Advisory 2023-5376-01 Thu, 28 Sep 2023 16:23:13 GMT
            Red Hat Security Advisory 2023-5376-01 - Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a denial of service vulnerability.