#mac

By Habiba Rashid Operating from Europe, Lolek Hosted offered services that shielded clients' identities and turned a blind eye to the content they posted. This is a post from HackRead.com Read the original post: Feds Seize Bulletproof Hosting Service ”Lolek Hosted”

Ever had a virtual machine crash? Azure Serial console is a great way to directly connect to your Virtual machine and debug what went wrong. Azure Serial Console is a feature that’s available for free for everyone. While the primary intent of this feature is to assist users debug their machine, there are several interesting ways to abuse the features and compromise sensitive information.

Peer-pods, also known as the Kata remote hypervisor, enable the creation of Kata Virtual Machines (VM) on any environment, be it on-prem or in the cloud, without requiring bare metal servers or nested virtualization support. This is accomplished by extending Kata containers runtime to manage the VM lifecycle using cloud provider APIs (e.g., AWS, Azure) or third-party hypervisor APIs (such as VMware vSphere). Since peer-pods are separate VMs alongside the Kubernetes node, traditional Container Storage Interface (CSI) cannot function properly within them, and different solutions are required.

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN.

Security researchers accessed an internal camera inside the Deckmate 2 shuffler to learn the exact deck order—and the hand of every player at a poker table.

Security researchers set up a remote machine and recorded every move cybercriminals made—including their login details.

By Habiba Rashid New Intel Processor Vulnerability "Downfall" Discovered: Threats to Data Security Amplify This is a post from HackRead.com Read the original post: Intel Responds to ‘Downfall’ Attack with Firmware Updates, Urges Mitigation

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.

The EuroTel ETL3100 TV and FM transmitters suffer from an unauthenticated configuration and log download vulnerability. This will enable the attacker to disclose sensitive information and help him in authentication bypass, privilege escalation and full system access.

The EuroTel ETL3100 transmitter is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access the hidden resources on the system and execute privileged functionalities.