Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Threat Source newsletter (Oct. 27, 2022): I thought we were already aware of supply chain attacks?

Supply chain attacks were all the rage in 2020 after SolarWinds, but we seem to have forgotten how important they are.

TALOS
Open in Source
#vulnerability#web#ios#windows#apple#microsoft#cisco#js#git#java#perl#auth
New streaming ad technology plays hide-and-seek with gamers

Categories: News Tags: Amazon Tags: Twitch Tags: Prime Tags: streaming Tags: gamer Tags: gaming Tags: advert Tags: advertising Tags: in-game We take a look at new form of ad tech for Twitch streaming viewers, but not players. How does it work? Can it even be successful? (Read more...) The post New streaming ad technology plays hide-and-seek with gamers appeared first on Malwarebytes Labs.

CVE-2022-3095: sdk/CHANGELOG.md at master · dart-lang/sdk

The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.

OneLayer Opens 5G Security Lab for Network Security Companies to Research Threats to Private Cellular Networks

Cybersecurity and telecom providers from around the world can now test their technologies and use cases in OneLayer's digital twin private network environment.

2022 Advisen-Zurich Survey Illuminates Growing Cybersecurity Concerns

Survey points to gaps in understanding of what's driving higher costs and limiting access to cyber insurance coverage — and what businesses can do about it.

Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August

Apple MacOS Ventura Bug Breaks Third-Party Security Tools

Your anti-malware software may not work if you upgraded to the new operating system. But Apple says a fix is on the way.

iPhone zero-day. Update your devices now!

Categories: News Tags: iPhone Tags: iPad Tags: Apple Tags: zero day Tags: exploit Tags: bug Tags: threat Tags: CVE-2022-42847 A zero-day bug that affects iPhones and iPads is being exploited in the wild (Read more...) The post iPhone zero-day. Update your devices now! appeared first on Malwarebytes Labs.

CVE-2022-20933: Cisco Security Advisory: Cisco Meraki MX and Z3 Teleworker Gateway VPN Denial of Service Vulnerability

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnera...