Security Bulletin

While all of the identified apps shared exact locations for their "filters" functionality, such an issue has already been addressed by the apps through the rounding up the exact coordinates that rendered oracle trilateration techniques ineffective.

Major U.S. pharmaceutical firm Cencora has disclosed that more personal and protected health information had been stolen than initially reported during a February cyberattack against a patient support services subsidiary.

Attacks by Cuckoo Spear may have involved the utilization of LODEINFO, which allows file theft, arbitrary shellcode execution, keystroke logging, process termination, and screenshot capturing, as an initial payload.

Major Mexican precious metals mining firm Fresnillo had its data compromised following a cyberattack against some of its IT systems.

Threat actors leveraged smishing campaigns to deploy BingoMod in the guise of mobile security tools, such as APP Protection, AVG AntiVirus & Security, and WebSecurity.

New DEV#POPPER attacks involved the utilization of interview lures to developers aimed at distributing a ZIP archive file, which when executed triggers the BeaverTail malware.

Attackers could deploy DDoS attacks to disrupt voter look-up systems and unofficial results reporting but not compromise election processes and internal systems to prevent the casting of votes.

Third-party access to data remains a serious security concern for enterprise IT executives.

It’s almost time for another year of cutting-edge research and innovative talks, as thousands of hackers and security professionals descend upon Las Vegas for Black Hat 2024.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Web Service Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Server Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability...