Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Apple warns people of mercenary attacks via threat notification system

Apple has sent alerts to people in 92 nations to say it's detected that they may have been a victim of a mercenary attack.

Malwarebytes
#vulnerability#ios#android#apple#asus#auth#zero_day#sap
Selecting the Right Authentication Protocol for Your Business

Prioritizing security and user experience will help you build a robust and reliable authentication system for your business.

How to protect yourself from online harassment

Don't wait for an online harassment campaign to unfairly target you or a loved one. Take these proactive steps today to stay safe.

GHSA-hjq6-52gw-2g7p: yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

### Summary The [patch that addressed CVE-2023-40581](https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e) attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version [2021.04.11](https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11). ```cmd > yt-dlp "https://youtu.be/42xO6rVqf2E" --ignore-config -f 18 --exec "echo %(title)q" [youtube] Extracting URL: https://youtu.be/42xO6rVqf2E [youtube] 42xO6rVqf2E: Downloading webpage [youtube] 42xO6rVqf2E: Downloading ios player API JSON [youtube] 42xO6rVqf2E: Downloading android player API JSON [youtube] 42xO6rVqf2E: Downloading m3u8 information [info] 42xO6rVqf2E: Downloading 1 format(s): 18 [download] Destination: %CMDCMDLINE:~-1%&echo pwned&calc.exe [4...

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks. The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments. "The Rust standard library did not properly escape

New Jamf Tools Give Enterprise IT Security and Compliance Controls

The device management company introduced a Fleet Hardening Score and Privilege Escalation (the good kind) to its endpoint security platform for Apple devices.

Why Liquid Cooling Systems Threaten Data Center Security & Our Water Supply

We are potentially encroaching on a water supply crisis if data center operators, utilities, and the government don't implement preventative measures now.

DerbyNet 9.0 inc/kisosks.inc Cross Site Scripting

DerbyNet version 9.0 suffers from a cross site scripting vulnerability in inc/kiosks.inc.

GAM3S.GG and Immutable Announce Partnership for Web3 Gaming Expansion

By Uzair Amir The partnership will bring millions of players into the Immutable web3 ecosystem while providing GAM3S.GG with the leading web3 gaming platform on the market. This is a post from HackRead.com Read the original post: GAM3S.GG and Immutable Announce Partnership for Web3 Gaming Expansion