
Tag

#intel

Facebook Trains Its AI on Your Data. Opting Out May Be Futile

Here's how to request that your personal information not be used to train Meta's AI model. "Request" is the operative word here.

Wired
WordPress Newsletter 7.8.9 Cross Site Scripting

WordPress Newsletter plugin versions 7.8.9 and below suffer from a persistent cross site scripting vulnerability.

Ubuntu Security Notice USN-6348-1

Ubuntu Security Notice 6348-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

Ubuntu Security Notice USN-6346-1

Ubuntu Security Notice 6346-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain sensitive information. Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information.

Eight vulnerabilities in Open Automation Software Platform could lead to information disclosure, improper authentication

OAS Platform allows various devices, including PLCs, servers, files, databases and internet-of-things platforms, to communicate with one another and share data when they otherwise would be unable to because of their various protocols.

New Agent Tesla Variant Uses Excel Exploit to Infect Windows PCs

By Deeba Ahmed. FortiGuard Discovers Phishing Campaign Distributing New Agent Tesla Variant to Windows Devices. This is a post from HackRead.com.

CVE-2021-39859: Adobe Security Bulletin

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

How China Demands Tech Firms Reveal Hackable Flaws in Their Products

Some foreign companies may be complying—potentially offering China’s spies hints for hacking their customers.

Generative AI’s Biggest Security Flaw Is Not Easy to Fix

Chatbots like OpenAI’s ChatGPT and Google’s Bard are vulnerable to indirect prompt injection attacks. Security researchers say the holes can be plugged—sort of.

CVE-2023-4779: User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20230811 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wordfence Intelligence

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.