Tag
#ios
An insurance company is accused of unlawfully collecting, using, and selling location data from millions of people's cell phones.
This issue was identified during Quarkslab's audit of the timestamp feature. ### Summary During the timestamp signature generation, the revocation status of the certificate(s) used to generate the timestamp signature was not verified. ### Details During timestamp signature generation, notation-go did not check the revocation status of the certificate chain used by the TSA. This oversight creates a vulnerability that could be exploited through a Man-in-The-Middle attack. An attacker could potentially use a compromised, intermediate, or revoked leaf certificate to generate a malicious countersignature, which would then be accepted and stored by `notation`. ### Impact This could lead to denial of service scenarios, particularly in CI/CD environments during signature verification processes because timestamp signature would fail due to the presence of a revoked certificate(s) potentially disrupting operations.
New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors — possibly the same ones as before — are exploiting its edge devices for the nth time.
Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.
In my experience as a sysadmin, I have often found network connectivity issues challenging to troubleshoot. For those situations, tcpdump is a great ally.Take the course: Getting started with Linux fundamentalsTcpdump is a command-line utility that allows you to capture and analyze network traffic going through your system. It is often used to help troubleshoot network issues, as well as a security tool.A powerful and versatile tool that includes many options and filters, tcpdump can be used in a variety of cases. Because it's a command-line tool, it is ideal to run in remote servers or device
A hack of location data company Gravy Analytics has revealed which apps are—knowingly or not—being used to collect your information behind the scenes.
Discover how AI revolutionizes cybersecurity with real-time threat detection, adaptive protection, and advanced data protection to combat evolving…
Explore top cybersecurity risks in crypto, including phishing, ransomware, and MitM attacks. Learn practical tips to safeguard your…
Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.