Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Elon Musk’s DOGE Is Being Sued Under the Privacy Act: What to Know

At least eight ongoing lawsuits related to the so-called Department of Government Efficiency’s alleged access to sensitive data hinge on the Watergate-inspired Privacy Act of 1974. But it’s not airtight.

Wired
#ios#git
Hard drives containing sensitive medical data found in flea market

A flea market buyer found medical information about hundreds of patients on second hand decommissioned hard drives.

The Official DOGE Website Launch Was a Security Mess

Plus: Researchers find RedNote lacks basic security measures, surveillance ramps up around the US-Mexico border, and the UK ordering Apple to create an encryption backdoor comes under fire.

Scammers Exploit JFK Files Release with Malware and Phishing

Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK…

ClearML and Nvidia vulns

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia.  The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.    For Snort

Salt Typhoon Exploits Cisco Devices in Telco Infrastructure

The China-sponsored state espionage group has exploited known, older bugs in Cisco gear for successful cyber intrusions on six continents in the past two months.

Changing the narrative on pig butchering scams

Hazel discusses Interpol’s push to rename pig butchering scams as ‘romance baiting’. Plus, catch up on the latest vulnerability research from Talos, and why a recent discovery is a “rare industry win”.

FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now!

Super-admin access vulnerability discovered in FortiOS Security Fabric. Exploitation could lead to widespread network breaches. Update now. Fortinet has…

Siemens RUGGEDCOM APE1808 Devices

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Devices Vulnerabilities: Out-of-bounds Read, Insertion of Sensitive Information Into Sent Data, Allocation of Resources Without Limits or Throttling, Integer Overflow or Wraparound, Path Traversal, Out-of-bounds Write, HTTP Request/Response Splitting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of service condition, perform a machine-in-the middle attack (MITM), escalate privileges, execute unauthorized code, and access unauthorized systems and information. 3. TECHNICAL DET...

China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers

Despite high-profile attention and even US sanctions, the group hasn’t stopped or even slowed its operation, including the breach of two more US telecoms.