Synopsis has published an advisory warning of multiple vulnerabilities across three different Android remote mouse and keyboard apps with a combined install count of about two million. The apps are at risk from remote code execution (RCE), and there’s no sign of a fix coming anytime, ever. Bleeping Computer notes that the issues were first discovered a

In the Android security bulletin of December 5, 2022 you can find an overview of the security vulnerabilities affecting Android devices that are fixed in patch level 2022-12-05 or later. The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additi

Cybersecurity solutions provider Fortinet this week announced patches for multiple vulnerabilities across its products, including a high-severity authentication bypass impacting FortiOS and FortiProxy.Tracked as CVE-2022-35843 (CVSS score of 7.7), the authentication bypass was identified in the SSH login component of FortiOS. The bug can only be triggered wh

The creators of the FreeBSD operating system have released updates meant to resolve a vulnerability within the ping module. The vulnerability, identified as CVE-2022-23093, could be exploited to crash the program or trigger remote code execution, and affects all supported versions of FreeBSD.Last week, an advisory was published, explaining the issue in furth

Researchers have recently discovered a security vulnerability that allows threat actors to remotely attack vehicles through a service provided by SiriusXM. Models from carmakers Nissan, Honda, Acura, and Infiniti have been victims of this new method so far.Researcher Sam Curry stated last week on Twitter that the flaw could be used to unlock, start, locate,

To gain control of infected systems and, likely, to construct a botnet network, a new Go-based malware is targeting Redis servers. The attacks exploited a critical security flaw to plant a hidden backdoor and enable command execution.Redis (Remote Dictionary Server) is an open-source, in-memory data structure store, used by developers as a database, cache, a

------------------------------------------------------------------Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability------------------------------------------------------------------[-] Software Link:https://www.drupal.org/project/h5p[-] Affected Versions:Version 2.0.0-alpha2 and prior versions.Version 7.x-1.50 and prior versions.[-] Vulne

IBM recently patched a vulnerability in IBM Cloud Databases for PostgreSQL that could have exposed users to supply chain attacks.The vulnerability has been named Hell’s Keychain by cloud security firm Wiz, whose researchers discovered the issue. It has been described by the company as a “first-of-its-kind supply-chain attack vector impacting a cloud provider

This is new: Newly revealed research shows that a number of major car brands, including Honda, Nissan, Infiniti, and Acura, were affected by a previously undisclosed security bug that would have allowed a savvy hacker to hijack vehicles and steal user data. According to researchers, the bug was in the car’s Sirius XM telematics infrastructure and would

Vulnerabilities in network components, architecture files, and developer tools have become increasingly popular attack vectors to gain access into secure networks and devices. External tools and products that are managed by vendors and developers can pose a security risk, especially to targets in sensitive industries. Attacks on software and hardware supply

The US Cybersecurity and Infrastructure Security Agency (CISA) on Monday warned organizations that a critical Oracle Fusion Middleware vulnerability patched in early 2022 is being exploited in attacks.The security hole, tracked as CVE-2021-35587, impacts Oracle Access Manager, which provides the Oracle Fusion Middleware single sign-on (SSO) solution. The aff

Security researchers at Cyble have observed initial access brokers (IABs) selling access to enterprise networks likely compromised via a recently patched critical vulnerability in Fortinet products.Tracked as CVE-2022-40684 and impacting FortiOS, FortiProxy, and FortiSwitchManager products, the vulnerability was publicly disclosed in early October, when it w

A vulnerability impacting multiple Acer laptop models could allow an attacker to disable the Secure Boot feature and bypass security protections to install malware.Tracked as CVE-2022-4020 (CVSS score of 8.1), the vulnerability was identified in the HQSwSmiDxe DXE driver, which checks for the existence of the ‘BootOrderSecureBootDisable’ NVRAM variable to di

Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by re

Some people still believe their IT infrastructure is unflawed simply because they’ve never experienced a cybersecurity incident – until something goes wrong and the company becomes the victim of a malware attack or a data leak. This is why proactively finding security flaws and minimizing loopholes is an utter necessity for organizations large and smal