Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

OpenText Cybersecurity Unveils 2024's Nastiest Malware

DARKReading
Open in Source
#vulnerability#web#ios#intel
Toolkit Vastly Expands APT41's Surveillance Powers

The China-affiliated group is using the highly modular DeepData framework to target organizations in South Asia.

These Guys Hacked AirPods to Give Their Grandmas Hearing Aids

Three technologists in India used a homemade Faraday cage and a microwave oven to get around Apple’s location blocks.

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass.

How CISOs Can Lead the Responsible AI Charge

CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.

Warning: Online shopping threats to avoid this Black Friday and Cyber Monday 

Where there’s a gift to be bought, there’s also a scammer out to make money. Here's how to stay safe this shopping season.

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

Hitachi Energy TRO600

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: TRO600 Series Vulnerabilities: Command Injection, Improper Removal of Sensitive Information Before Storage or Transfer 2. RISK EVALUATION Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensively than the write privilege intends. Profile files from TRO600 series radios are extracted in plain-text and encrypted file formats. Profile files provide potential attackers valuable configuration information about the Tropos network. Profiles can only be exported by authenticated users with write access. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products of Hitachi Energy are affected: Hitachi Energy TRO600 series firmware versions...

The WIRED Guide to Protecting Yourself From Government Surveillance

Donald Trump has vowed to deport millions and jail his enemies. To carry out that agenda, his administration will exploit America’s digital surveillance machine. Here are some steps you can take to evade it.

CVE-2024-43602: Azure CycleCloud Remote Code Execution Vulnerability

**How could an attacker exploit this vulnerability?** An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials.