Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Ubuntu Security Notice USN-6567-1

Ubuntu Security Notice 6567-1 - Gaoning Pan and Xingwei Li discovered that QEMU incorrectly handled the USB xHCI controller device. A privileged guest attacker could possibly use this issue to cause QEMU to crash, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that QEMU incorrectly handled the TCG Accelerator. A local attacker could use this issue to cause QEMU to crash, leading to a denial of service, or possibly execute arbitrary code and escalate privileges. This issue only affected Ubuntu 20.04 LTS.

Packet Storm
Open in Source
#vulnerability#ios#mac#ubuntu#dos#intel#vmware#auth
Why Public Links Expose Your SaaS Attack Surface

Collaboration is a powerful selling point for SaaS applications. Microsoft, Github, Miro, and others promote the collaborative nature of their software applications that allows users to do more. Links to files, repositories, and boards can be shared with anyone, anywhere. This encourages teamwork that helps create stronger campaigns and projects by encouraging collaboration among employees

Linux 6.4 io_uring Use-After-Free

Linux versions 6.4 and above suffer from an io_uring page use-after-free vulnerability via buffer ring mmap.

io_uring __io_uaddr_map() Dangerous Multi-Page Handling

__io_uaddr_map() in io_uring suffers from dangerous handling of the multi-page region.

Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities

By Waqas NIST Unveils Insights on AI Vulnerabilities and Potential Threats.w This is a post from HackRead.com Read the original post: Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities

Supercharging chaos testing using AI

There has been a huge increase in demand for running complex systems with tens to hundreds of microservices at massive scale. End users expect 24/7 availability of services they depend on, so even a few minutes of downtime matters. A proactive chaos engineer helps meet user expectations by identifying bottlenecks, hardening services before downtime occurs in a production environment. Chaos engineering is vital to avoid losing trust with your end users.To help address the need for a resilient Kubernetes platform and provide improved user experiences, Red Hat collaborates with the open source co

How to Be More Anonymous Online

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

GHSA-xgpm-q3mq-46rq: PrestaShop some attribute not escaped in Validate::isCleanHTML method

### Description Some event attributes are not detected by the isCleanHTML method ### Impact Some modules using the isCleanHTML method could be vulnerable to xss ### Patches 8.1.3, 1.7.8.11 ### Workarounds The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`. ### Reporters Reported by Antonio Russo (@Antonio-R1 on GitHub) and Antonio Rocco Spataro (@antoniospataro on GitHub).

Microsoft disables ms-appinstaller after malicious use

Microsoft decided to disable App Installer links by default after it noticed several access brokers using the handler to spread malware.

What It’s Like to Use Apple’s Lockdown Mode

If you're at high risk of being targeted by mercenary spyware, or just don't mind losing iOS features for extra security, the company's restricted mode is surprisingly usable.