Experimental News Clipping Site

Tag: exploits

  • The Register: Sysadmins rage over Apple’s ‘nightmarish’ SSL/TLS cert lifespan cuts

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/15/apples_security_cert_lifespan/ Source: The Register Title: Sysadmins rage over Apple’s ‘nightmarish’ SSL/TLS cert lifespan cuts Feedly Summary: Maximum validity down from 398 days to 45 by 2027 Apple wants to shorten SSL/TLS security certificates’ lifespans, down from 398 days now to just 45 days by 2027, and sysadmins have some very strong feelings about…

  • Hacker News: Safer with Google: Advancing Memory Safety

    by

    system automation
    in

    Source URL: https://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html Source: Hacker News Title: Safer with Google: Advancing Memory Safety Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses Google’s strategic commitment to enhancing memory safety in software, revealing a two-pronged approach that includes increasing the adoption of memory-safe languages and improving the risk management of existing memory-unsafe languages.…

  • Google Online Security Blog: Safer with Google: Advancing Memory Safety

    by

    system automation
    in

    Source URL: http://security.googleblog.com/2024/10/safer-with-google-advancing-memory.html Source: Google Online Security Blog Title: Safer with Google: Advancing Memory Safety Feedly Summary: AI Summary and Description: Yes Summary: The content discusses Google’s strategic commitment to enhancing memory safety in software development. It highlights the significance of memory safety vulnerabilities, current trends, and Google’s two-pronged approach to integrating memory-safe languages while…

  • Hacker News: Invisible text that AI chatbots understand and humans can’t?

    by

    system automation
    in

    Source URL: https://arstechnica.com/security/2024/10/ai-chatbots-can-read-and-write-invisible-text-creating-an-ideal-covert-channel/ Source: Hacker News Title: Invisible text that AI chatbots understand and humans can’t? Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a sophisticated method of exploiting vulnerabilities in AI chatbots like Claude and Copilot through “ASCII smuggling,” where invisible characters are used to embed malicious instructions. This innovative…

  • Cloud Blog: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023/ Source: Cloud Blog Title: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends Feedly Summary: Written by: Casey Charrier, Robert Weiner Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were…

  • Schneier on Security: Perfectl Malware

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/10/perfectl-malware.html Source: Schneier on Security Title: Perfectl Malware Feedly Summary: Perfectl in an impressive piece of malware: The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the Internet potential targets, researchers from Aqua…

  • Hacker News: Bug, $50K+ in bounties: how Zendesk left a backdoor in companies

    by

    system automation
    in

    Source URL: https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52 Source: Hacker News Title: Bug, $50K+ in bounties: how Zendesk left a backdoor in companies Feedly Summary: Comments AI Summary and Description: Yes Summary: The text narrates the journey of a young programmer discovering a significant security vulnerability in Zendesk, which could potentially expose sensitive customer support tickets for multiple Fortune 500…

  • Cisco Talos Blog: What NIST’s latest password standards mean, and why the old ones weren’t working

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/threat-source-newsletter-oct-10-2024/ Source: Cisco Talos Blog Title: What NIST’s latest password standards mean, and why the old ones weren’t working Feedly Summary: Rather than setting a regular cadence for changing passwords, users only need to change their passwords if there is evidence of a breach.  AI Summary and Description: Yes **Summary:** The text discusses…

  • Alerts: CISA Releases Twenty-One Industrial Control Systems Advisories

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/10/10/cisa-releases-twenty-one-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Twenty-One Industrial Control Systems Advisories Feedly Summary: CISA released twenty-one Industrial Control Systems (ICS) advisories on October 10, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-284-01 Siemens SIMATIC S7-1500 and S7-1200 CPUs ICSA-24-284-02 Siemens Simcenter Nastran ICSA-24-284-03 Siemens Teamcenter…

  • The Register: MediaTek enters the 4th Dimensity with 3nm octa-core 9400 smartphone brains

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/09/mediatek_dimensity_9400/ Source: The Register Title: MediaTek enters the 4th Dimensity with 3nm octa-core 9400 smartphone brains Feedly Summary: Still sticking with Arm and not taking RISC-Vs Fabless Taiwanese chip biz MediaTek has unveiled the fourth flagship entry in its Dimensity family of system-on-chips for smartphones and other mobile devices. It’s sticking with close…