Tag
#mac
A global network of violent predators is hiding in plain sight, targeting children on major platforms, grooming them, and extorting them to commit horrific acts of abuse.
Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple's new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fix two zero-day flaws.
A closed-door presentation for House lawmakers late last year portrayed American anti-war protesters as having possible ties to Hamas in an effort to kill privacy reforms to a major US spy program.
March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.”
## ASA-2024-006: ValidateVoteExtensions helper function may allow incorrect voting power assumptions

**Component**: Cosmos SDK
**Criticality**: High
**Affected Versions**: Cosmos SDK versions <= 0.50.4, on 0.50 branches
**Affected Users**: Chain developers, Validator and Node operators
**Impact**: Elevation of Privilege

## Summary

The default `ValidateVoteExtensions` helper function infers total voting power based off of the injected `VoteExtension`, which are injected by the proposer. If your chain utilizes the `ValidateVoteExtensions` helper in `ProcessProposal`, a dishonest proposer can potentially mutate voting power of each validator it includes in the injected `VoteExtension`, which could have potentially unexpected or negative consequences on modified state. Additional validation on injected `VoteExtension` data was added to confirm voting power against the state machine.

## Next Steps for Impacted Parties

If you are a chain developer on an affected version of the Cosmos ...
**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.
This week on the Lock and Code podcast, we speak with Leigh Honeywell about the cybersecurity defenses to online harassment.
DataCube3 version 1.0 suffers from a remote shell upload vulnerability.
Content creators are using copyright laws to get nonconsensual deepfakes removed from the web. With the complaints covering nearly 30,000 URLs, experts say Google should do more to help.
Plus: An ex-Google engineer gets arrested for allegedly stealing trade secrets, hackers breach the top US cybersecurity agency, and X’s new feature exposes sensitive user data.