Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections

The mobile device security firm iVerify has been offering a tool since May that makes spyware scanning accessible to anyone—and it’s already turning up victims.

Wired
Open in Source
#ios#android#mac#intel#asus
Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

'White FAANG' Data Export Attack: A Gold Mine for PII Threats

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.

The Ultimate Guide to Designing a Logo Online: Tools, Tips, and Tricks

A logo is more than just a visual element—it’s the cornerstone of your brand identity. It communicates your…

'Bootkitty' First Bootloader to Take Aim at Linux

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Credentials

SmokeLoader malware has resurfaced with enhanced capabilities and functionalities, targeting your personal data.

GHSA-h924-8g65-j9wg: Traefik's X-Forwarded-Prefix Header still allows for Open Redirect

### Impact There is a vulnerability in Traefik that allows the client to provide the `X-Forwarded-Prefix` header from an untrusted source. ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.14 - https://github.com/traefik/traefik/releases/tag/v3.2.1 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues). <details> <summary>Original Description</summary> ### Summary The previously reported open redirect ([GHSA-6qq8-5wq3-86rp](https://github.com/traefik/traefik/security/advisories/GHSA-6qq8-5wq3-86rp)) is not fixed correctly. The safePrefix function can be tricked to return an absolute URL. ### Details The Traefik API [dashboard component](https://github.com/traefik/traefik/blob/master/pkg/api/dashboard/dashboard.go) tries to validate that the value of the header X-Forwarded-Prefix is a site relative path: ```go http.Redirect(resp, req,...

Incident Response Playbooks: Are You Prepared?

The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization.

Why Simulating Phishing Attacks Is the Best Way to Train Employees

Despite advancements in cybersecurity tools, human vulnerability remains the weakest link, with phishing among the most dangerous forms…

Godot Engine Exploited to Spread Malware on Windows, macOS, Linux

Check Point Research has discovered cybercriminals exploiting the popular Godot Game Engine to deliver malicious software. Discover the techniques used by attackers and how to protect yourself from these threats.