security researchers – Page 9 – Experimental News Clipping Site

The Register: SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac Silicon

Jan 29, 2025

—

by

Source URL: https://www.theregister.com/2025/01/29/flop_and_slap_attacks_apple_silicon/ Source: The Register Title: SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac Silicon Feedly Summary: It’s another cousin of Spectre, here to read your email, browsing history, and more Many recent Apple laptops, desktops, tablets, and phones powered by Cupertino’s homegrown Silicon processors can be exploited…

Hacker News: New Apple CPU side-channel attacks steals data from browsers

Jan 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/ Source: Hacker News Title: New Apple CPU side-channel attacks steals data from browsers Feedly Summary: Comments AI Summary and Description: Yes Summary: A recent disclosure by security researchers reveals critical side-channel vulnerabilities in modern Apple processors, specifically regarding the FLOP and SLAP attacks. These flaws exploit speculative execution mechanisms to leak sensitive…

Slashdot: Software Flaw Exposes Millions of Subarus, Rivers of Driver Data

Jan 28, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://yro.slashdot.org/story/25/01/28/0013226/software-flaw-exposes-millions-of-subarus-rivers-of-driver-data?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Software Flaw Exposes Millions of Subarus, Rivers of Driver Data Feedly Summary: AI Summary and Description: Yes Summary: The report highlights significant vulnerabilities in Subaru’s STARLINK telematics software, which permitted unauthorized access to numerous vehicles through easily accessible data. This case underscores ongoing security concerns in connected vehicle technologies,…

Hacker News: Curl Project and Go Security Teams Reject CVSS as Broken

Jan 27, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://socket.dev/blog/curl-project-and-go-security-teams-reject-cvss-as-broken Source: Hacker News Title: Curl Project and Go Security Teams Reject CVSS as Broken Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The debate surrounding the efficacy of the Common Vulnerability Scoring System (CVSS) is intensifying, particularly as key projects like cURL and Go distance themselves from it, advocating for context-driven…

Wired: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

Jan 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.wired.com/story/subaru-location-tracking-vulnerabilities/ Source: Wired Title: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars Feedly Summary: Now-fixed web bugs allowed hackers to remotely unlock and start millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can. AI Summary and Description: Yes…

The Register: Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day

Jan 17, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/17/rsync_vulnerabilities/ Source: The Register Title: Six vulnerabilities in ubiquitous rsync tool announced and fixed in a day Feedly Summary: Turns out tool does both file transfers and security fixes fast Don’t panic. Yes, there were a bunch of CVEs affecting potentially hundreds of thousands of users found in rsync in early December –…

The Register: Miscreants ‘mass exploited’ Fortinet firewalls, ‘highly probable’ zero-day used

Jan 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/14/miscreants_mass_exploited_fortinet_firewalls/ Source: The Register Title: Miscreants ‘mass exploited’ Fortinet firewalls, ‘highly probable’ zero-day used Feedly Summary: Ransomware ‘not off the table,’ Arctic Wolf threat hunter tells El Reg Miscreants running a “mass exploitation campaign" against Fortinet firewalls, which peaked in December, may be using an unpatched zero-day vulnerability to compromise the equipment, according…

The Register: Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

Jan 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/13/ransomware_crew_abuses_compromised_aws/ Source: The Register Title: Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days Feedly Summary: ‘Codefinger’ crims on the hunt for compromised keys A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant’s own server-side encryption with customer provided keys (SSE-C) to lock up…

The Register: Europe coughs up €400 to punter after breaking its own GDPR data protection rules

Jan 13, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/13/data_broker_hacked/ Source: The Register Title: Europe coughs up €400 to punter after breaking its own GDPR data protection rules Feedly Summary: PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more Infosec in brief Gravy Analytics, a vendor of location intelligence info…

The Register: Security pros baited with fake Windows LDAP exploit traps

Jan 9, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/09/security_pros_baited_by_fake/ Source: The Register Title: Security pros baited with fake Windows LDAP exploit traps Feedly Summary: Tricky attackers trying yet again to deceive the good guys on home territory Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws.… AI Summary and…

Tag: security researchers