Aggregator

A vulnerability classified as critical was found in Linux Kernel up to 5.15.99/6.1.17/6.2.4. This issue affects the function debugfs_lookup. Executing manipulation can lead to memory leak. This vulnerability is handled as CVE-2023-53407. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 5.15.98/6.1.15/6.2.2. It has been rated as critical. Affected by this vulnerability is the function debugfs_lookup. The manipulation leads to memory leak. This vulnerability is listed as CVE-2023-53414. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability categorized as critical has been discovered in Linux Kernel up to 5.15.99/6.1.17/6.2.4. Affected by this issue is the function debugfs_lookup of the component isp1362. The manipulation results in memory leak. This vulnerability is cataloged as CVE-2023-53416. The attack must originate from the local network. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.15.99/6.1.17/6.2.4. It has been declared as critical. Affected is the function debugfs_lookup. Executing manipulation can lead to memory leak. This vulnerability is tracked as CVE-2023-53413. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.99/6.1.17/6.2.4. This affects the function debugfs_lookup. This manipulation causes memory leak. This vulnerability is registered as CVE-2023-53417. The attack requires access to the local network. No exploit is available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.15.99/6.1.17/6.2.4. This affects the function debugfs_lookup of the component dwc3. Executing manipulation can lead to memory leak. This vulnerability appears as CVE-2023-53415. The attacker needs to be present on the local network. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.15.99/6.1.17/6.2.4. The affected element is the function debugfs_lookup. The manipulation results in memory leak. This vulnerability was named CVE-2023-53409. The attack needs to be approached within the local network. There is no available exploit. You should upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 5.15.98/6.1.15/6.2.2. Impacted is the function debugfs_lookup. The manipulation leads to memory leak. This vulnerability is uniquely identified as CVE-2023-53408. The attack can only be initiated within the local network. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.17/6.2.4 and classified as critical. The impacted element is the function debugfs_lookup. This manipulation causes memory leak. The identification of this vulnerability is CVE-2023-53410. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability was found in Linux Kernel up to 5.10.172/5.15.98/6.1.15/6.2.2 and classified as critical. This affects the function debugfs_lookup. Such manipulation leads to memory leak. This vulnerability is referenced as CVE-2023-53411. The attack needs to be initiated within the local network. No exploit is available. It is suggested to upgrade the affected component.

Теперь показать ЧП диспетчеру проще, чем описать словами

VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file.

The UK Information Commissioner's Office (ICO) fined the LastPass password management firm £1.2 million for failing to implement security measures that allowed an attacker to steal personal information and encrypted password vaults belonging to up to 1.6 million UK users in a 2022 breach. [...]

Bad actors that include nation-state groups to financially-motivated cybercriminals from across the globe are targeting the maximum-severity but easily exploitable React2Shell flaw, with threat researchers see everything from probes and backdoors to botnets and cryptominers.

The post Attackers Worldwide are Zeroing In on React2Shell Vulnerability appeared first on Security Boulevard.

The Next Major Cyber Risk Could Come Through a Biological Sample
Researchers demonstrated that it is feasible to encode executable payloads into synthetic DNA that, once sequenced and processed, could trigger malware in sequencing software. When a vulnerability in a sequencer becomes a vulnerability in national health or food security, the stakes are existential.

Lessons From Lightning-Fast AI-Based Attacks and How Cyber Defenders Should Respond
AI-based attacks will come faster and the sequence of activities will be less predictable. Cyber defenders are skilled in network analysis, incident response and cloud or identity management, but in the face of AI-based attacks, they need new skills, tools and defensive tactics.

Analysis of Seized LockBit Data Suggests Victims Who Pay Enjoy More Media Coverage
Bad news for any organization that's ever paid a ransom in a bid to avoid their breach coming to light, or for a promise from attackers to delete stolen data, with a study of seized LockBit data finding that victims who paid a ransom were more likely to see the attack get detailed in the media.

Inotiv Tells SEC 'It's Still Evaluating Full Impact and Notifying Breach Victims'
Drug research firm Inotiv in a filing with federal regulators said it is still evaluating the financial and operational impact of an August cyberattack that's linked to ransomware gang Qilin. The company is also notifying nearly 10,000 people whose data was allegedly stolen in the incident.

Goldman Sachs-Led Round Supports Harness's Push Into AI Security and Automation
With $200 million in Series E funding and a new $5.5 billion valuation, Harness will scale its AI-powered platform for security, compliance and reliability in software development. The investment will support R&D into AI agents, testing, cost optimization and security for AI workloads.

CTO Matthew Fraser Says Administrations May Change but AI Program Is Built to Last
New York City gets a new mayor on Jan. 1, and while no one knows Zohran Mamdani's plans for using artificial intelligence, the city's AI Action Plan will ensure a strong foundation for innovation, city Chief Technology Officer Matthew Fraser told attendees at The AI Summit in Manhattan on Wednesday.