Experimental News Clipping Site

Tag: exploits

  • The Register: Zero-day exploits plague Ivanti Connect Secure appliances for second year running

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/09/zeroday_exploits_ivanti/ Source: The Register Title: Zero-day exploits plague Ivanti Connect Secure appliances for second year running Feedly Summary: Factory resets and apply patches is the advice amid fortnight delay for other appliances The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts “seriously" as Ivanti battles two…

  • The Register: Security pros baited with fake Windows LDAP exploit traps

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/09/security_pros_baited_by_fake/ Source: The Register Title: Security pros baited with fake Windows LDAP exploit traps Feedly Summary: Tricky attackers trying yet again to deceive the good guys on home territory Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws.… AI Summary and…

  • The Register: DNA sequencers found running ancient BIOS, posing risk to clinical research

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/08/dna_sequencer_vulnerabilities/ Source: The Register Title: DNA sequencers found running ancient BIOS, posing risk to clinical research Feedly Summary: Devices on six-year-old firmware vulnerable to takeover and destruction Argentine cybersecurity shop Eclypsium claims security issues affecting leading DNA sequencing devices could lead to disruptions in crucial clinical research.… AI Summary and Description: Yes Summary:…

  • Hacker News: How is my Browser blocking RWX execution?

    by

    Kurt Seifried
    in

    Source URL: https://rwxstoned.github.io/2025-01-04-Reviewing-browser-hooks/ Source: Hacker News Title: How is my Browser blocking RWX execution? Feedly Summary: Comments AI Summary and Description: Yes Summary: The text describes a novel security feature implemented in a popular browser that functions similarly to an Endpoint Detection and Response (EDR) system. By monitoring thread creation at runtime, the browser can…

  • Krebs on Security: A Day in the Life of a Prolific Voice Phishing Crew

    by

    Kurt Seifried
    in

    Source URL: https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-phishing-crew/ Source: Krebs on Security Title: A Day in the Life of a Prolific Voice Phishing Crew Feedly Summary: Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations…

  • Embrace The Red: AI Domination: Remote Controlling ChatGPT ZombAI Instances

    by

    Kurt Seifried
    in

    Source URL: https://embracethered.com/blog/posts/2025/spaiware-and-chatgpt-command-and-control-via-prompt-injection-zombai/ Source: Embrace The Red Title: AI Domination: Remote Controlling ChatGPT ZombAI Instances Feedly Summary: At Black Hat Europe I did a fun presentation titled SpAIware and More: Advanced Prompt Injection Exploits. Without diving into the details of the entire talk, the key point I was making is that prompt injection can impact…

  • Hacker News: Aedan Cullen Cracks the Raspberry Pi RP2350’s Security Subsystem Wide Open

    by

    Kurt Seifried
    in

    Source URL: https://www.hackster.io/news/aedan-cullen-cracks-the-raspberry-pi-rp2350-s-security-subsystem-wide-open-a500925c7b35 Source: Hacker News Title: Aedan Cullen Cracks the Raspberry Pi RP2350’s Security Subsystem Wide Open Feedly Summary: Comments AI Summary and Description: Yes Summary: Aedan Cullen has demonstrated a method to breach the security of Raspberry Pi’s RP2350 microcontroller, a device intended for secure commercial applications. This incident highlights the ongoing vulnerabilities…

  • The Register: Telemetry data from 800K VW Group EVs exposed online

    by

    system automation
    in

    Source URL: https://www.theregister.com/2025/01/06/volkswagen_ev_data_exposed/ Source: The Register Title: Telemetry data from 800K VW Group EVs exposed online Feedly Summary: PLUS: DoJ bans data sale to enemy nations; Do Kwon extradited to US; Tenable CEO passes away; and more Infosec in Brief Welcome to 2025: hopefully you enjoyed a pleasant holiday season and returned to the security…

  • Hacker News: F-Droid Fake Signer PoC

    by

    system automation
    in

    Source URL: https://github.com/obfusk/fdroid-fakesigner-poc Source: Hacker News Title: F-Droid Fake Signer PoC Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses vulnerabilities in the APK signing process for Android, specifically how certain implementations of fdroidserver and related tools can be exploited, leading to potential bypasses of certificate pinning. This is critical for professionals…