Cloud Security Alliance News Clipping Site

Tag: exploit

  • Hacker News: Ghost Tap: New cash-out tactic with NFC Relay

    by

    system automation
    in

    Source URL: https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay Source: Hacker News Title: Ghost Tap: New cash-out tactic with NFC Relay Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a new cash-out tactic used by fraudsters, termed “Ghost Tap,” which involves relaying NFC traffic to covertly cash out stolen credit card information linked to mobile payment systems…

  • Slashdot: Apple Says Mac Users Targeted in Zero-Day Cyberattacks

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/20/181206/apple-says-mac-users-targeted-in-zero-day-cyberattacks?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Apple Says Mac Users Targeted in Zero-Day Cyberattacks Feedly Summary: AI Summary and Description: Yes Summary: Apple’s recent security updates address critical zero-day vulnerabilities affecting Intel-based Mac systems that were under active attack, highlighting the importance of timely patch management and awareness of state-sponsored cyber threats. Detailed Description: Apple’s…

  • Alerts: Apple Releases Security Updates for Multiple Products

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/apple-releases-security-updates-multiple-products Source: Alerts Title: Apple Releases Security Updates for Multiple Products Feedly Summary: Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply…

  • The Register: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/20/google_ossfuzz/ Source: The Register Title: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed Feedly Summary: OSS-Fuzz is making a strong argument for LLMs in security research Google’s OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities,…

  • Alerts: 2024 CWE Top 25 Most Dangerous Software Weaknesses

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/2024-cwe-top-25-most-dangerous-software-weaknesses Source: Alerts Title: 2024 CWE Top 25 Most Dangerous Software Weaknesses Feedly Summary: The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors…

  • The Register: D-Link tells users to trash old VPN routers over bug too dangerous to identify

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/20/dlink_rip_replace_router/ Source: The Register Title: D-Link tells users to trash old VPN routers over bug too dangerous to identify Feedly Summary: Vendor offers 20% discount on new model, but not patches Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a…

  • Hacker News: Microsoft will soon let you clone your voice for Teams meetings

    by

    system automation
    in

    Source URL: https://techcrunch.com/2024/11/19/soon-microsoft-will-let-teams-meeting-attendees-clone-their-voices/ Source: Hacker News Title: Microsoft will soon let you clone your voice for Teams meetings Feedly Summary: Comments AI Summary and Description: Yes Summary: Microsoft has announced a new feature called Interpreter for Teams, which will enable users to clone their voices for real-time interpretation in multiple languages, starting in early 2025.…

  • Wired: Inside the Booming ‘AI Pimping’ Industry

    by

    system automation
    in

    Source URL: https://www.wired.com/story/ai-pimping-industry-deepfakes-instagram/ Source: Wired Title: Inside the Booming ‘AI Pimping’ Industry Feedly Summary: AI-generated influencers based on stolen images of real-life adult content creators are flooding social media. AI Summary and Description: Yes Summary: The text highlights the emerging issue of AI-generated influencers on Instagram that are appropriating the likenesses of real creators, leading…

  • The Register: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/19/china_brazenbamboo_fortinet_0day/ Source: The Register Title: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer Feedly Summary: No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet’s Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.… AI…