Tag: Exploitation
-
Schneier on Security: Hacking ChatGPT by Planting False Memories into Its Data
Source URL: https://www.schneier.com/blog/archives/2024/10/hacking-chatgpt-by-planting-false-memories-into-its-data.html Source: Schneier on Security Title: Hacking ChatGPT by Planting False Memories into Its Data Feedly Summary: This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature…
-
Alerts: Apple Releases Security Updates for Multiple Products
Source URL: https://www.cisa.gov/news-events/alerts/2024/09/18/apple-releases-security-updates-multiple-products Source: Alerts Title: Apple Releases Security Updates for Multiple Products Feedly Summary: Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply…
-
The Register: Feeld dating app’s security too open-minded as private data swings into public view
Source URL: https://www.theregister.com/2024/09/13/feeld_dating_app_failures/ Source: The Register Title: Feeld dating app’s security too open-minded as private data swings into public view Feedly Summary: No love for months-long wait to fix this, either Security researchers have revealed a litany of failures in the Feeld dating app that could be abused to access all manner of private user…
-
Slashdot: Windows Update Zero-Day Being Exploited To Undo Security Fixes
Source URL: https://tech.slashdot.org/story/24/09/10/229252/windows-update-zero-day-being-exploited-to-undo-security-fixes?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Windows Update Zero-Day Being Exploited To Undo Security Fixes Feedly Summary: AI Summary and Description: Yes Summary: This text highlights a critical security vulnerability in Windows Update (CVE-2024-43491) that is currently being exploited in the wild. With a high CVSS score, the flaw allows attackers to reverse previously implemented…
-
Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/09/09/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2016-3714 ImageMagick Improper Input Validation Vulnerability CVE-2017-1000253 Linux Kernel PIE Stack Buffer Corruption Vulnerability CVE-2024-40766 SonicWall SonicOS Improper Access Control Vulnerability These…
-
Hacker News: Exploiting CI / CD Pipelines for fun and profit
Source URL: https://blog.razzsecurity.com/2024/09/08/exploitation-research/exploiting-ci-cd-pipelines-for-fun-and-profit/ Source: Hacker News Title: Exploiting CI / CD Pipelines for fun and profit Feedly Summary: Comments AI Summary and Description: Yes Summary: The text outlines a significant security vulnerability originating from a publicly exposed .git directory, leading to an exploit chain resulting in full server takeover. It emphasizes the importance of proper…