Tag: security vulnerability

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-358 Source: Bulletins Title: Vulnerability Summary for the Week of December 16, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Attendance Tracking Management System A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is…

Bulletins: Vulnerability Summary for the Week of January 20, 2025

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb25-026 Source: Bulletins Title: Vulnerability Summary for the Week of January 20, 2025 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info aEnrich Technology–a+HRD The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database…

Bulletins: Vulnerability Summary for the Week of December 2, 2024

—

by

Source URL: https://www.cisa.gov/news-events/bulletins/sb24-344 Source: Bulletins Title: Vulnerability Summary for the Week of December 2, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2…

The Register: CDNs: Great for speeding up the internet, bad for location privacy

—

by

Source URL: https://www.theregister.com/2025/01/27/cloudflare_cdn_location_data/ Source: The Register Title: CDNs: Great for speeding up the internet, bad for location privacy Feedly Summary: Also, Subaru web portal spills user deets, Tornado Cash sanctions overturned, a Stark ransomware attack, and more Infosec in brief Using a custom-built tool, a 15-year-old hacker exploited Cloudflare’s content delivery network to approximate the…

Hacker News: Susctl CVE-2024-54507: A particularly ‘sus’ sysctl in the XNU kernel

Jan 23, 2025

—

by

Source URL: https://jprx.io/cve-2024-54507/ Source: Hacker News Title: Susctl CVE-2024-54507: A particularly ‘sus’ sysctl in the XNU kernel Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security vulnerability (CVE-2024-54507) within the XNU kernel related to the sysctl interface, leading to an out-of-bounds read. This provides an important case study for software…

Hacker News: Hacking Subaru: Tracking and Controlling Cars via the Starlink Admin Panel

Jan 23, 2025

—

by

Source URL: https://samcurry.net/hacking-subaru Source: Hacker News Title: Hacking Subaru: Tracking and Controlling Cars via the Starlink Admin Panel Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights a critical security vulnerability discovered in Subaru’s STARLINK vehicle service, allowing unauthorized access to vehicles and sensitive customer data. This incident underscores the need for…

The Register: Asus lets processor security fix slip out early, AMD confirms patch in progress

Jan 23, 2025

—

by

Source URL: https://www.theregister.com/2025/01/23/asus_amd_processor_fix/ Source: The Register Title: Asus lets processor security fix slip out early, AMD confirms patch in progress Feedly Summary: Answers on a postcard to what ‘Microcode Signature Verification Vulnerability’ might mean AMD has confirmed at least some of its microprocessors suffer a microcode-related security vulnerability, the existence of which accidentally emerged this…

Slashdot: Employees of Failed Startups Are at Special Risk of Stolen Personal Data Through Old Google Logins

Jan 20, 2025

—

by

Source URL: https://it.slashdot.org/story/25/01/20/1857213/employees-of-failed-startups-are-at-special-risk-of-stolen-personal-data-through-old-google-logins?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Employees of Failed Startups Are at Special Risk of Stolen Personal Data Through Old Google Logins Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a security vulnerability that allows hackers to exploit abandoned domains and existing Google login systems to access sensitive data from former startup…

Hacker News: Bambu Connect’s Authentication X.509 Certificate and Private Key Extracted

Jan 20, 2025

—

by