Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

336K Prometheus Instances Exposed to DoS, 'Repojacking'

Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations.

DARKReading
Open in Source
#web#mac#apple#amazon#dos#git#kubernetes#intel#rce#aws#auth#docker
Chinese Cops Caught Using Android Spyware to Track Mobile Devices

Law enforcement across mainland China have been using EagleMsgSpy surveillance tool to collect mobile device data since at least 2017, new research shows.

Efforts to Secure US Telcos Beset by Salt Typhoon Might Fall Flat

The rules necessary to secure US communications have already been in place for 30 years, argues Sen. Wyden, the FCC just hasn't enforced them. It's unclear if they will help.

Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more

Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS.

Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS

Details have emerged about a now-patched security vulnerability in Apple's iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved

Symmetrical Cryptography Pioneer Targets the Post-Quantum Era

Researchers at Cavero have created a correlating numbers mechanism, adding a layer of privacy that even threat actors can't gain enough information to breach.

Sprawling 'Operation Digital Eye' Attack Targets European IT Orgs

A Chinese threat actor infiltrated several IT and security companies in a bring-your-own VS code, with an eye to carrying out a supply-chain-based espionage attack.

How Art Appreciation Supplements Cybersecurity Skills

Using different parts of our brains gives us different perspectives on the world around us and new approaches to the problems we face in security.

GHSA-r6wx-627v-gh2f: Directus has an HTML Injection in Comment

### Summary The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. ### Details The Comment feature implements a character filter on the client-side, this can be bypassed by directly sending a request to the endpoint. Example Request: ``` PATCH /activity/comment/3 HTTP/2 Host: directus.local { "comment": "<h1>TEST <p style=\"color:red\">HTML INJECTION</p> <a href=\"//evil.com\">Test Link</a></h1>" } ``` Example Response: ```json { "data": { "id": 3, "action": "comment", "user": "288fdccc-399a-40a1-ac63-811bf62e6a18", "timestamp": "2023-09-06T02:23:40.740Z", "ip": "10.42.0.1", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36", "collection": "directus_files", "item": "7247dda1-c386-4e7a-...

Chinese Hackers Breach US Firm, Maintain Network Access for Months

SUMMARY A large U.S. company with operations in China fell victim to a large-scale cyberattack earlier this year,…