Aggregator

U.S. CISA adds PTZOptics camera bugs to its Known Exploited Vulnerabilities catalog

Security Affairs
8 months 3 weeks ago
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds PTZOptics PT30X-SDI/NDI camera bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Threat actors are attempting to exploit the two zero-day vulnerabilities CVE-2024-8956 and CVE-2024-8957 in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GretNoise researchers warned last week. GreyNoise […]
Pierluigi Paganini

New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers

The Hackers News
8 months 3 weeks ago
Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions. "ToxicPanda's main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF)," Cleafy researchers Michele Roviello, Alessandro Strino
The Hacker News

Pacific Rim: Chronicling a 5-year Hacking Escapade

Security Boulevard
8 months 3 weeks ago

Contributors to this post: Mickey Shkatov, Alex Bazhaniuk So What Happened? Last week, Sophos released a bombshell report on what they’re calling “Pacific Rim”—and no, we’re not talking about giant robots fighting sea monsters. Sophos chronicles a five-year ordeal involving nation-state threat actors targeting network appliances, particularly Sophos firewalls. The discovery has been documented in […]

The post Pacific Rim: Chronicling a 5-year Hacking Escapade appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Pacific Rim: Chronicling a 5-year Hacking Escapade appeared first on Security Boulevard.

Paul Asadoorian

CVE-2021-44790 | Oracle Communications Session Route Manager up to 8.x Third Party out-of-bounds write (EDB-51193)

Vuldb Updates
8 months 3 weeks ago
A vulnerability was found in Oracle Communications Session Route Manager up to 8.x. It has been classified as very critical. This affects an unknown part of the component Third Party. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2021-44790. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.
vuldb.com

AIs Discovering Vulnerabilities

Security Boulevard
8 months 3 weeks ago

I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very good at it yet, but they’re getting better.

Here’s some anecdotal data from this summer:

Since July 2024, ZeroPath is taking a novel approach combining deep program analysis with adversarial AI agents for validation. Our methodology has uncovered numerous critical vulnerabilities in production systems, including several that traditional Static Application Security Testing (SAST) tools were ill-equipped to find. This post provides a technical deep-dive into our research methodology and a living summary of the bugs found in popular open-source tools...

The post AIs Discovering Vulnerabilities appeared first on Security Boulevard.

Bruce Schneier

Managed ad