Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences

Torrance, United States / California, 12th September 2024, CyberNewsWire

HackRead
#vulnerability#web#ios#mac#git#intel#aws
UnDisruptable27 Project Wants to Shore Up Critical Infrastructure Security

The Institute for Security and Technology's UnDisruptable27 project connects technology firms with the public sector to strengthen US cyber defenses in case of attacks on critical infrastructure.

Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.”

VICIdial 2.14-917a Remote Code Execution

An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens

In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.

Hackers Use Fake Domains to Trick Trump Supporters in Trading Card Scam

Cybercriminals target Trump’s digital trading cards using phishing sites, fake domains, and social engineering tactics to steal sensitive…

'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks

An attack dubbed "WordDrone" that uses an old flaw to install a backdoor could be related to previously reported cyber incidents against Taiwan's military and satellite industrial supply chain.

Gallup.com Bugs Open Door to Election Misinformation

Researchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account.

Gallup Addresses XSS Bugs in Website

Researchers flagged a pair of Gallup site XSS vulnerabilities.

CVE-2024-43469: Azure CycleCloud Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials.