IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft
Three security vulnerabilities in Axis video products could open up the door to a bevy of different cyberattacks on businesses.
Three vulnerabilities in the IP video-surveillance systems created by Axis...
Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)
Vendor: Open5GS
Vendor URL: https://github.com/open5gs/open5gs
Versions affected: 1.0.0 to 2.3.3
Systems Affected: Linux
Author: mark.tedman[at]nccgroup[dot]com
Advisory URL / CVE Identifier: CVE-2021-41794
Risk: CVSSv3.1: 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H)
Summary
When connecting to the UPF port for the PFCP protocol (8805)...
Apache Web Server Zero-Day Exposes Sensitive Data
The open-source project has rolled out a security fix for CVE-2021-41773, for which public cyberattack exploit code is circulating.
Apache Software has quickly issued a fix for a zero-day security...
Technical Advisory – NULL Pointer Dereference in McAfee Drive Encryption (CVE-2021-23893)
Vendor: McAfee
Vendor URL: https://kc.mcafee.com/corporate/index?page=content&id=sb10361
Versions affected: Prior to 7.3.0 HF1
Systems Affected: Windows OSs without NULL page protection
Author: Balazs Bucsay @xoreipeip
CVE Identifier: CVE-2021-23893
Risk: 8.8 - CWE-269: Improper Privilege Management
Summary
McAfee’s...
MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed
Coinbase suspects phishing led to attackers getting personal details needed to access wallets but also blamed a flaw in its SMS-based 2FA.
The accounts of at least 6,000 Coinbase...
Google Emergency Update Fixes Two Chrome Zero Days
This is the second pair of zero days that Google’s fixed this month, all four of which have been actively exploited in the wild.
Google has pushed out an...
New APT ChamelGang Targets Russian Energy, Aviation Orgs
First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks.
A new APT...
Apple Pay with Visa Hacked to Make Payments via Unlocked iPhones
Researchers have demonstrated that someone could use a stolen, unlocked iPhone to pay for thousands of dollars of goods or services, no authentication needed.
An attacker who steals a locked...
Tips & Tricks for Unmasking Ghoulish API Behavior
Jason Kent, hacker-in-residence at Cequence Security, discusses how to track user-agent connections to mobile and desktop APIs, to spot malicious activity.
I was analyzing one of my customer’s API traffic...
Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)
Vendor: Garuda Linux
Vendor URL: https://garudalinux.org/
Versions affected: previous commit 29b03856
Systems Affected: Garuda Linux user creation panel
Author: Jesus Olmos
CVE Identifier: CVE-2021-3784
Risk: 4.4 - Local user impersonation in the...