
Tag

#apple

CVE-2021-40604: 4.6.2

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via the phar protocol when generating class names dynamically. In some cases, exploitation is possible by an unauthenticated user.

Cybercriminals use reverse tunneling and URL shorteners to launch ‘virtually undetectable’ phishing campaigns

New hacking technique allows threat actors to evade some of the most effective phishing countermeasures

CVE-2022-1969: mobile-browser-color-select.php in mobile-browser-color-select/trunk – WordPress Plugin Repository

The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

Bluetooth Signals Can Be Abused To Detect and Track Smartphones

By Deeba Ahmed. Even unpaired smartphones are vulnerable to tracking. According to a study by the University of California San Diego’s engineers,… This is a post from HackRead.com.

How China Hacked US Phone Networks

Plus: Russia rattles its cyber sword, a huge Facebook phishing operation is uncovered, feds take down the SSNDOB marketplace, and more.

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can't Be Patched

A novel hardware attack dubbed PACMAN has been demonstrated against Apple's M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems. It leverages "speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity," MIT

Design Weakness Discovered in Apple M1 Kernel Protections

The proof-of-concept attack from MIT CSAIL researchers undermines the pointer authentication feature used to defend the Apple chip's OS kernel.

Feds Forced Travel Firms to Share Surveillance Data on Hacker

Sabre and Travelport had to report the weekly activities of former “Cardplanet” cybercriminal Aleksei Burkov for two years, info that eventually led to his arrest and prosecution.

How AI Is Useful — and Not Useful — for Cybersecurity

AI works best when security professionals and AI are complementing each other.

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information.  Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before