Experimental News Clipping Site

Tag: attack vectors

  • The Register: Japanese Police claim China ran five-year cyberattack campaign

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/09/japan_mirrorface_china_attack/ Source: The Register Title: Japanese Police claim China ran five-year cyberattack campaign Feedly Summary: ‘MirrorFace’ group found ways to run malware in the Windows sandbox, which is worrying Japan’s National Police Agency and Center of Incident Readiness and Strategy for Cybersecurity have confirmed third party reports of attacks on local orgs by…

  • Alerts: CISA Adds One Vulnerability to the KEV Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/08/cisa-adds-one-vulnerability-kev-catalog Source: Alerts Title: CISA Adds One Vulnerability to the KEV Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282 Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the…

  • Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/07/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability Users and administrators are also encouraged to…

  • Wired: All the Top CPU and GPU News From CES 2025

    by

    Kurt Seifried
    in

    Source URL: https://www.wired.com/story/intel-amd-qualcomm-nvidia-new-cpus-and-gpus-ces-2025/ Source: Wired Title: All the Top CPU and GPU News From CES 2025 Feedly Summary: This year, it’s shaping up to be AI, all the time. AI Summary and Description: Yes Summary: The text discusses advancements in AI-driven processors unveiled at CES 2025, focusing on significant announcements from major chip manufacturers. The…

  • Embrace The Red: AI Domination: Remote Controlling ChatGPT ZombAI Instances

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/spaiware-and-chatgpt-command-and-control-via-prompt-injection-zombai/ Source: Embrace The Red Title: AI Domination: Remote Controlling ChatGPT ZombAI Instances Feedly Summary: At Black Hat Europe I did a fun presentation titled SpAIware and More: Advanced Prompt Injection Exploits. Without diving into the details of the entire talk, the key point I was making is that prompt injection can impact…

  • The Register: Telemetry data from 800K VW Group EVs exposed online

    by

    system automation
    in

    Source URL: https://www.theregister.com/2025/01/06/volkswagen_ev_data_exposed/ Source: The Register Title: Telemetry data from 800K VW Group EVs exposed online Feedly Summary: PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more Infosec in Brief Welcome to 2025: hopefully you enjoyed a pleasant holiday season and returned to the security…

  • Hacker News: GPON FTTH networks (in)security (2016)

    by

    system automation
    in

    Source URL: https://pierrekim.github.io/blog/2016-11-01-gpon-ftth-networks-insecurity.html#introduction Source: Hacker News Title: GPON FTTH networks (in)security (2016) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text delves into the (in)security of GPON FTTH networks, particularly focusing on vulnerabilities inherent in devices like the Optical Network Terminal (ONT) used by major ISPs in France. It uncovers significant threats, including…

  • Hacker News: Developing inside a virtual machine

    by

    system automation
    in

    Source URL: https://blog.disintegrator.dev/posts/dev-virtual-machine/ Source: Hacker News Title: Developing inside a virtual machine Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text describes an individual’s experience setting up a secure and efficient development environment using a virtual machine (VM) on a MacBook Pro. It highlights the benefits of containerizing development tools and dependencies within…

  • Hacker News: Déjà vu: Ghostly CVEs in my terminal title

    by

    system automation
    in

    Source URL: https://dgl.cx/2024/12/ghostty-terminal-title Source: Hacker News Title: Déjà vu: Ghostly CVEs in my terminal title Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a critical security vulnerability in the Ghostty terminal emulator, reminiscent of issues previously documented in terminal emulators from 2003. It highlights how in-band signaling can expose users to…

  • The Cloudflare Blog: Open sourcing h3i: a command line tool and library for low-level HTTP/3 testing and debugging

    by

    system automation
    in

    Source URL: https://blog.cloudflare.com/h3i/ Source: The Cloudflare Blog Title: Open sourcing h3i: a command line tool and library for low-level HTTP/3 testing and debugging Feedly Summary: h3i is a command line tool and Rust library designed for low-level testing and debugging of HTTP/3, which runs over QUIC. AI Summary and Description: Yes **Short Summary with Insight:**…