-
CVE-2024-23973 – Silicon Labs Gecko OS HTTP GET Request Buffer Overflow Allows Arbitrary Code Execution over the Network
CVE ID: CVE-2024-23973 | Published: Jan. 31, 2025, 12:15 a.m. | Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HTTP GET requests. The issue…
-
CVE-2024-23969 – ChargePoint Home Flex RCE (Buffer Overflow)
CVE ID: CVE-2024-23969 | Published: Jan. 31, 2025, 12:15 a.m. | Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the wlanchnllst function. The issue results from…
-
CVE-2024-23963 – Alpine Halo9 Bluetooth PBAP Code Execution Vulnerability
CVE ID: CVE-2024-23963 | Published: Jan. 31, 2025, 12:15 a.m. | Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine Halo9 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this…
-
CVE-2024-23968 – ChargePoint Home Flex Stack Based Buffer Overflow
CVE ID: CVE-2024-23968 | Published: Jan. 31, 2025, 12:15 a.m. | Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SrvrToSmSetAutoChnlListMsg function. The issue results from…
-
CVE-2024-23928 – Pioneer DMH-WT7600NEX Certificate Validation Vulnerability
CVE ID: CVE-2024-23928 | Published: Jan. 31, 2025, 12:15 a.m. | Description: This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of Pioneer DMH-WT7600NEX devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the telematics functionality, which operates over…
-
Best practices for key derivation
By Marc Ilunga
Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it’s also easy to get wrong: although standard tools exist for different key derivation needs, our audits often uncover improper uses of these tools that could compromise key security. Flickr’s API…
-
Fake Reddit and WeTransfer Sites are Pushing Malware
There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimics the interface of the popular file-sharing service. The ‘Download’ button leads to the Lumma…
-
Friday Squid Blogging: On Squid Brains
Interesting. Blog moderation policy.
-
Living with AI: The Future We Once Imagined
Smartphones, smart homes, and virtual assistants like Alexa and Siri have seamlessly integrated into our daily lives. Yet, many of us rarely stop to think about the technology behind them. We enjoy the convenience these devices offer, but behind the scenes, artificial intelligence (AI) is reshaping the…
-
ExxonMobil Lobbyist Caught Hacking Climate Activists
The Department of Justice is investigating a lobbying firm representing ExxonMobil for hacking the phones of climate activists: The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government. The firm, in turn, was allegedly working on behalf of one of the world’s largest oil and gas…