
CISA adds NextGen Healthcare Mirth Connect flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

The Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-43208, is a Deserialization of Untrusted Data Vulnerability. The flaw impacts NextGen Healthcare Mirth Connect before version 4.4.1,


CISA adds Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft COM for Windows bug to its Known Exploited Vulnerabilities catalog. A deserialization of untrusted data vulnerability arises when an application deserializes data from an untrusted source without proper validation.


StackRot, a new Linux Kernel privilege escalation vulnerability

Security Affairs

StackRot is a new security vulnerability in the Linux kernel that could be exploited to gain elevated privileges on a target system. A security vulnerability, dubbed StackRot, was found impacting Linux versions 6.1 through 6.4. ” reads the advisory published by security researcher Ruihan Li from Peking University.


Microsoft releases out-of-band update to fix Kerberos auth issues caused by a patch for CVE-2022-37966

Security Affairs

Microsoft released an out-of-band update to fix problems tied to a recent Windows security patch that caused Kerberos authentication issues. Microsoft released an out-of-band update to address issues caused by a recent Windows security patch that causes Kerberos authentication problems. Pierluigi Paganini.


ZLoader Malware adds Zeus’s anti-analysis feature

Security Affairs

Zscaler observed that Zloader’s method of storing installation data to evade detection shows similarities to Zeus version 2.0.8, albeit with a different implementation. Instead of using the Registry, Zloader uses a data structure called PeSettings to store its configuration.


Critical flaws in myPRO HMI/SCADA product could allow takeover vulnerable systems

Security Affairs

mySCADA myPRO is a multiplatform, human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system that allows users to visualize and control industrial processes. The security researcher Michael Heinzl discovered multiple vulnerabilities in the myPRO product, some of which have been rated as critical severity.


Cisco Talos discovered 2 critical flaws in the popular OpenCV library

Security Affairs

The CVE-2019-5063 is a heap buffer overflow vulnerability that exists in the data structure persistence functionality of OpenCV 4.1.0. The CVE-2019-5064 vulnerability resides in the data structure persistence functionality of the same library and can be triggered by attackers using a specially crafted JSON file.