Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Employee Management System 1.0 Insecure Settings

Employee Management System version 1.0 suffers from an ignored default credential vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
The AI Hangover is Here – The End of the Beginning

After a good year of sustained exuberance, the hangover is finally here. It’s a gentle one (for now), as the market corrects the share price of the major players (like Nvidia, Microsoft, and Google), while other players reassess the market and adjust priorities. Gartner calls it the trough of disillusionment, when interest wanes and implementations fail to deliver the promised breakthroughs.

Apple Prototypes and Corporate Secrets Are for Sale Online—If You Know Where to Look

On the hunt for corporate devices being sold secondhand, a researcher found a trove of Apple corporate data, a Mac Mini from the Foxconn assembly line, an iPhone 14 prototype, and more.

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE

Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to achieve remote code execution (RCE) and local privilege escalation (LPE). "This attack chain could enable attackers to gain full control over targeted endpoints, potentially resulting in data breaches, system compromise, and unauthorized access to sensitive information

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and

Computer Crash Reports Are an Untapped Hacker Gold Mine

One hacker solved the CrowdStrike outage mystery with simple crash reports, illustrating the wealth of detail about potential bugs and vulnerabilities those key documents hold.

Surface Pro 3 BIOS False Health Attestation / TPM Carte Blanche

On Surface Pro 3 with the SHA1 and SHA256 PCRs enabled on the TPM, BIOS version 3.11.2550 and earlier, only the SHA1 PCRs are extended by the firmware. This means that an adversary can boot into an unmeasured OS and extend the PCRs with false measurements to obtain false attestations. This is a proof of concept exploit from Google.

Unlock the Future of Cybersecurity: Exclusive, Next Era AI Insights and Cutting-Edge Training at SANS Network Security 2024

The Immersive Experience Happening This September in Las Vegas!In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals

Creating Insecure AI Assistants With Microsoft Copilot Studio Is Easy

Microsoft claims 50,000 organizations are using its new Copilot Creation tool, but researcher Michael Bargury demonstrated at Black Hat USA ways it could unleash insecure chatbots.