As if 2 Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3
Hackers looking to diversify began mass-exploiting a new vulnerability over the weekend. Enlarge (credit: Getty Images) Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN s.....»»
Why Apple Intelligence won’t run on older iPhones, or Vision Pro [U: Next year]
See Vision Pro update at the end of the piece. When asked why Apple Intelligence won’t be available on older iPhones, the company has so far said that the chips simply weren’t sufficiently powerful to provide a good experience. Responses would.....»»
Millions of iOS apps were exposed to security breach found in CocoaPods
Millions of iOS and macOS apps have been exposed to a security breach that could be used for potential supply-chain attacks, says an ArsTechnica report based on research by EVA Information Security. The exploit was found in CocoaPods, an open-source.....»»
Vulnerabilities found in Swift repository left millions of iPhone apps exposed
The open-source Swift and Objective-C repository, CocoaPods, had multiple vulnerabilities that left millions of iOS and macOS apps exposed to potential attacks for a decade, but it is now patched.CocoaPods leave millions of iOS and macOS apps vulnera.....»»
3 million iOS and macOS apps were exposed to potent supply-chain attacks
Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years. Enlarge (credit: Aurich Lawson) Vulnerabilities that went undetected for a decade left thousands of macOS and iOS apps susceptible to.....»»
Snowflake compromised? Attackers exploit stolen credentials
Have attackers compromised Snowflake or just their customers’ accounts and databases? Conflicting claims muddy the situation. What is Snowflake? Snowflake is cloud-based data storage and analytics company based in the US, and claims nearly 9,50.....»»
NIST says NVD will be back on track by September 2024
The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD),.....»»
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)
Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM.....»»
RansomLord: Open-source anti-ransomware exploit tool
RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. “I created RansomLord to demonstrate ransomware is not invincible, has vulnerabilities and its developers make mista.....»»
The evolution of security metrics for NIST CSF 2.0
CISOs have long been spreadsheet aficionados, soaking up metrics and using them as KPIs for security progress. These metrics have traditionally measured specific systems or single indicators — vulnerabilities detected, percentage of vulnerabilities.....»»
Cybersecurity teams gear up for tougher challenges in 2024
In this Help Net Security video, Tom Gorup, VP of Security Services at Edgio, discusses the continually changing threat landscape. It is riddled with vulnerabilities that are frequently exploited and only intensify as geopolitics and state-sponsored.....»»
Widespread data silos slow down security response times
Although the goals and challenges of IT and security professionals intersect, 72% report security data and IT data are siloed in their organization, which contributes to corporate misalignment and elevated security risk, according to Ivanti. Leadersh.....»»
Researcher finds iOS exploit that lets developers create animated app icons
It’s been a while since Apple let developers provide alternative icons for their apps, so that users can change them whenever they want. However, except for Apple’s Clock and Calendar apps, the system has no animated or interactive icons – but.....»»
Clothed pig carcasses reveal the secrets of mummification—study provides insights for forensic scientists
It was the kind of task any competent seamstress has completed hundreds of times before: altering denim jeans and jerseys. But there was something different about this piece of work. Though our team of scientists were paying for it, we weren't her ul.....»»
Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) For the eighth time this year, Google has released an emergency updat.....»»
The Artificial Intelligence Era Faces a Threat from Directed Energy Weapons
Autonomous and AI-enabled systems increasingly rely on optical and radio frequency sensors and significant computer power. They face growing vulnerabilities from directed-energy laser and microwave weapons.....»»
Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)
For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. About CVE-2024-5274 As per usual, Google keeps technical details of the vul.....»»
AU10TIX Risk Assessment Model identifies potential vulnerabilities
AU10TIX launched a free Risk Assessment Model that enables businesses to conduct an initial assessment of their exposure to operational, security and identity fraud risk. Drawing insights from billions of transactions processed globally and years of.....»»
Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)
Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitat.....»»
How small & medium businesses can stop Mac malware in its tracks
Some of us are old enough to remember the days when malware was strictly a Windows problem. Macs were more secure by design, but another key factor was that there weren’t enough of them in use to make Mac malware a sensible use of time for attacker.....»»
15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code exe.....»»