Security Bulletin

Aside from disclosing user data provided to law enforcement in its quarterly transparency reports, Telegram has also moved to erase problematic content from its public search functionality with the help of its moderators and artificial intelligence.

Most commonly targeted by cyberattacks with health providers in the Asia-Pacific region, which were subjected to 4,556 weekly intrusions during the first eight months of 2024, data from Check Point Research showed.

Such an intrusion resulted in unauthorized access to Franklin County's poll book records, which included individuals' names, Social Security numbers, financial account numbers, driver's license numbers, medical record numbers, insurance...

Records exposed by grep were divided into a pair of call-tracking TXT files, the first of which detailed phone calls' start and end times, callers' and recipients' phone numbers, and call status, duration, and notes, as well as call interpreters' IDs...

Most of the infections were from the Wuta Camera app, while the rest were from the Max Browser app, according to a Kaspersky analysis.

All four of the poisoned packages, which have already been removed from the PyPI repository, enabled encoded next-stage payload execution before deploying PondRAT for Linux and macOS, which have file upload and download, as well as arbitrary command...

Aside from releasing videos implicating Harris in a hit-and-run accident, Russia also disseminated phony videos of her speeches, said an Office of the Director of National Intelligence official.

Attackers leveraged leaked Kryptina source code to develop rebranded Mallox payloads, including the Mallox Linux 1.0 encryptor that was identical to Kryptina save for its name and appearance.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions (DFS) Equipment: ProGauge MAGLINK LX CONSOLE Vulnerabilities: Command Injection, Improper Privilege Management, Use of...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: OMNTEC Mfg., Inc. Equipment: Proteus Tank Monitoring Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Alisonic Equipment: Sibylla Vulnerability: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') 2. RISK...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Franklin Fueling Systems Equipment: TS-550 EVO Automatic Tank Gauge Vulnerability: Absolute Path Traversal 2. RISK EVALUATION Successful...