Tag: exploit

  • Alerts: Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance

    Source URL: https://www.cisa.gov/news-events/alerts/2024/09/19/ivanti-releases-admin-bypass-security-update-cloud-services-appliance
    Source: Alerts
    Title: Ivanti Releases Admin Bypass Security Update for Cloud Services Appliance
    Feedly Summary: Ivanti has released a security update to address an admin bypass vulnerability (CVE-2024-8963) affecting Ivanti Cloud Services Appliance (CSA) version 4.6. A cyber threat actor could exploit this vulnerability in conjunction with CVE-2024-8190–detailed in a Sept. 13…

  • Hacker News: Race conditions in Linux Kernel perf events

    Source URL: https://binarygecko.com/race-conditions-in-linux-kernel-perf-events/
    Source: Hacker News
    Title: Race conditions in Linux Kernel perf events
    Feedly Summary: Comments
    AI Summary and Description: Yes
    **Summary:** The provided text details a vulnerability in the Linux kernel’s `perf_events` subsystem, specifically related to the management of auxiliary buffers within performance monitoring events. It reveals exploit strategies and proofs of concept…

  • Rekt: Penpie – Rekt

    Source URL: https://www.rekt.news/penpie-rekt
    Source: Rekt
    Title: Penpie – Rekt
    Feedly Summary: The crypto world never sleeps and neither do its hackers. In the latest episode of Who Wants to Be a Millionaire – DeFi Edition, Penpie has found itself on the wrong end of a $27 million exploit.
    AI Summary and Description: Yes
    **Summary:** The…

  • Hacker News: Unveiling Mac Security: Comprehensive Exploration of Sandboxing and AppData TCC

    Source URL: https://imlzq.com/apple/macos/2024/08/24/Unveiling-Mac-Security-A-Comprehensive-Exploration-of-TCC-Sandboxing-and-App-Data-TCC.html
    Source: Hacker News
    Title: Unveiling Mac Security: Comprehensive Exploration of Sandboxing and AppData TCC
    Feedly Summary: Comments
    AI Summary and Description: Yes
    Summary: The text provides an in-depth analysis of vulnerabilities within macOS that allow for sandbox escape and logic exploitation. It discusses various techniques used to bypass security protections, focusing on…

  • Embrace The Red: Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.

    Source URL: https://embracethered.com/blog/posts/2024/google-ai-studio-data-exfiltration-now-fixed/
    Source: Embrace The Red
    Title: Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
    Feedly Summary: Recently, I found what appeared to be a regression or bypass that again allowed data exfiltration via image rendering during prompt injection. See the previous post here. Data Exfiltration via Rendering HTML Image Tags During…

  • Slashdot: Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data

    Source URL: https://yro.slashdot.org/story/24/08/21/1947215/microsoft-copilot-studio-exploit-leaks-sensitive-cloud-data?utm_source=rss1.0mainlinkanon&utm_medium=feed
    Source: Slashdot
    Title: Microsoft Copilot Studio Exploit Leaks Sensitive Cloud Data
    Feedly Summary:
    AI Summary and Description: Yes
    Summary: The text details a security vulnerability (CVE-2024-38206) found in Microsoft’s Copilot Studio that allows attackers to exploit Server-Side Request Forgery (SSRF) to access sensitive cloud data. This flaw has significant implications for cloud…

  • Wired: An AWS Configuration Issue Could Expose Thousands of Web Apps

    Source URL: https://www.wired.com/story/aws-application-load-balancer-implementation-compromise/
    Source: Wired
    Title: An AWS Configuration Issue Could Expose Thousands of Web Apps
    Feedly Summary: Amazon has updated its instructions for how customers should more securely implement AWS’s traffic-routing service known as Application Load Balancer, but it’s not clear everyone will get the memo.
    AI Summary and Description: Yes
    Summary: The text…