Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

UnDisruptable27 Project Wants to Shore Up Critical Infrastructure Security

The Institute for Security and Technology's UnDisruptable27 project connects technology firms with the public sector to strengthen US cyber defenses in case of attacks on critical infrastructure.

DARKReading
#ios#auth
Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works

Private Cloud Compute is an entirely new kind of infrastructure that, Apple’s Craig Federighi tells WIRED, allows your personal data to be “hermetically sealed inside of a privacy bubble.”

VICIdial 2.14-917a Remote Code Execution

An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

Air-Gapped Networks Vulnerable to Acoustic Attack via LCD Screens

In the "PixHell" attack, sound waves generated by pixels on a screen can transmit information across seemingly impenetrable air gaps.

Hackers Use Fake Domains to Trick Trump Supporters in Trading Card Scam

Cybercriminals target Trump’s digital trading cards using phishing sites, fake domains, and social engineering tactics to steal sensitive…

'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks

An attack dubbed "WordDrone" that uses an old flaw to install a backdoor could be related to previously reported cyber incidents against Taiwan's military and satellite industrial supply chain.

Gallup Addresses XSS Bugs in Website

Researchers flagged a pair of Gallup site XSS vulnerabilities.

Gallup.com Bugs Open Door to Election Misinformation

Researchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account.

CVE-2024-43469: Azure CycleCloud Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials.

CVE-2024-43482: Microsoft Outlook for iOS Information Disclosure Vulnerability

**How do I get the update for Outlook for IOS?** 1. Tap the Settings Icon 2. Tap the iTunes & App Store 3. Turn on AUTOMATIC DOWNLOADS for Apps **Alternatively** 1. Tap the App Store Icon 2. Scroll down to find Microsoft Outlook 3. Tap the Update button