security vulnerability – Page 12 – Experimental News Clipping Site

Hacker News: Susctl CVE-2024-54507: A particularly ‘sus’ sysctl in the XNU kernel

Jan 23, 2025

—

by

Source URL: https://jprx.io/cve-2024-54507/ Source: Hacker News Title: Susctl CVE-2024-54507: A particularly ‘sus’ sysctl in the XNU kernel Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security vulnerability (CVE-2024-54507) within the XNU kernel related to the sysctl interface, leading to an out-of-bounds read. This provides an important case study for software…

Hacker News: Hacking Subaru: Tracking and Controlling Cars via the Starlink Admin Panel

Jan 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://samcurry.net/hacking-subaru Source: Hacker News Title: Hacking Subaru: Tracking and Controlling Cars via the Starlink Admin Panel Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights a critical security vulnerability discovered in Subaru’s STARLINK vehicle service, allowing unauthorized access to vehicles and sensitive customer data. This incident underscores the need for…

The Register: Asus lets processor security fix slip out early, AMD confirms patch in progress

Jan 23, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/23/asus_amd_processor_fix/ Source: The Register Title: Asus lets processor security fix slip out early, AMD confirms patch in progress Feedly Summary: Answers on a postcard to what ‘Microcode Signature Verification Vulnerability’ might mean AMD has confirmed at least some of its microprocessors suffer a microcode-related security vulnerability, the existence of which accidentally emerged this…

Slashdot: Employees of Failed Startups Are at Special Risk of Stolen Personal Data Through Old Google Logins

Jan 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/01/20/1857213/employees-of-failed-startups-are-at-special-risk-of-stolen-personal-data-through-old-google-logins?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Employees of Failed Startups Are at Special Risk of Stolen Personal Data Through Old Google Logins Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a security vulnerability that allows hackers to exploit abandoned domains and existing Google login systems to access sensitive data from former startup…

Hacker News: Bambu Connect’s Authentication X.509 Certificate and Private Key Extracted

Jan 20, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://hackaday.com/2025/01/19/bambu-connects-authentication-x-509-certificate-and-private-key-extracted/ Source: Hacker News Title: Bambu Connect’s Authentication X.509 Certificate and Private Key Extracted Feedly Summary: Comments AI Summary and Description: Yes Summary: The text highlights a significant security vulnerability discovered in Bambu Lab’s software, particularly regarding their X1-series 3D printers. The extraction of sensitive cryptographic credentials threatens the integrity of the secure…

The Register: OpenAI’s ChatGPT crawler can be tricked into DDoSing sites, answering your queries

Jan 19, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/ Source: The Register Title: OpenAI’s ChatGPT crawler can be tricked into DDoSing sites, answering your queries Feedly Summary: The S in LLM stands for Security OpenAI’s ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to…

Hacker News: Windows BitLocker – Screwed Without a Screwdriver

Jan 18, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://neodyme.io/en/blog/bitlocker_screwed_without_a_screwdriver Source: Hacker News Title: Windows BitLocker – Screwed Without a Screwdriver Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses a security vulnerability dubbed “bitpixie” that affects BitLocker encryption on Windows devices, allowing unauthorized access to the encryption key without the need for physical disassembly of the machine. It…

Rekt: The Idols NFT – Rekt

Jan 16, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.rekt.news/ Source: Rekt Title: The Idols NFT – Rekt Feedly Summary: Some reflections are better left unseen. The Idols NFT found out the hard way – never trust a mirror. A flaw in their reward system let an attacker drain 97 stETH ($324k) by setting sender and receiver to the same address. AI…

Slashdot: Dead Google Apps Domains Can Be Compromised By New Owners

Jan 15, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://it.slashdot.org/story/25/01/15/2031225/dead-google-apps-domains-can-be-compromised-by-new-owners?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Dead Google Apps Domains Can Be Compromised By New Owners Feedly Summary: AI Summary and Description: Yes Summary: The text highlights a critical security vulnerability regarding the improper management of Google Workspace accounts by defunct startups, leading to potential unauthorized access to sensitive information once the domains are resold.…

Microsoft Security Blog: Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

Jan 14, 2025

—

by

Kurt Seifried

in Uncategorized

Source URL: https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/ Source: Microsoft Security Blog Title: Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions Feedly Summary: Microsoft discovered a macOS vulnerability allowing attackers to bypass System Integrity Protection (SIP) by loading third party kernel extensions, which could lead to serious consequences, such as allowing attackers to install rootkits, create persistent…

Tag: security vulnerability