Cloud Security Alliance News Clipping Site

Tag: Exploitation

  • Slashdot: D-Link Won’t Fix Critical Flaw Affecting 60,000 Older NAS Devices

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/11/2158210/d-link-wont-fix-critical-flaw-affecting-60000-older-nas-devices?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: D-Link Won’t Fix Critical Flaw Affecting 60,000 Older NAS Devices Feedly Summary: AI Summary and Description: Yes Summary: D-Link has announced no patch for a critical command injection vulnerability affecting over 60,000 NAS devices, urging users to either retire or isolate the devices. This situation emphasizes significant risks for…

  • Slashdot: Amazon Confirms Employee Data Stolen After Hacker Claims MOVEit Breach

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/11/2124251/amazon-confirms-employee-data-stolen-after-hacker-claims-moveit-breach?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Amazon Confirms Employee Data Stolen After Hacker Claims MOVEit Breach Feedly Summary: AI Summary and Description: Yes Summary: Amazon has confirmed a data breach linked to a third-party vendor, exposing employee contact information but not sensitive data. This incident raises important questions about third-party risk management and security controls.…

  • Slashdot: Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People’s Private Information

    by

    system automation
    in

    Source URL: https://yro.slashdot.org/story/24/11/08/231226/hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People’s Private Information Feedly Summary: AI Summary and Description: Yes Summary: The FBI has issued a warning regarding an increase in fraudulent emergency data requests by hackers who compromise government and police email accounts. These fraudulent requests…

  • Slashdot: FBI Says Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People’s Private Information

    by

    system automation
    in

    Source URL: https://yro.slashdot.org/story/24/11/08/170208/fbi-says-hackers-are-sending-fraudulent-police-data-requests-to-tech-giants-to-steal-peoples-private-information Source: Slashdot Title: FBI Says Hackers Are Sending Fraudulent Police Data Requests To Tech Giants To Steal People’s Private Information Feedly Summary: AI Summary and Description: Yes Summary: The text highlights a critical warning from the FBI regarding the exploitation of emergency data requests by cybercriminals. This issue is particularly relevant for…

  • The Register: Scattered Spider, BlackCat claw their way back from criminal underground

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/08/scattered_spider_blackcat_return/ Source: The Register Title: Scattered Spider, BlackCat claw their way back from criminal underground Feedly Summary: We all know by now that monsters never die, right? Two high-profile criminal gangs, Scattered Spider and BlackCat/ALPHV, seemed to disappear into the darkness like their namesakes following a series of splashy digital heists last year,…

  • Hacker News: A New Era of macOS Sandbox Escapes: Overlooked Attack Surface, 10+ New Vulns

    by

    system automation
    in

    Source URL: https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/ Source: Hacker News Title: A New Era of macOS Sandbox Escapes: Overlooked Attack Surface, 10+ New Vulns Feedly Summary: Comments AI Summary and Description: Yes Summary: The blog post discusses a series of novel sandbox escape vulnerabilities discovered in macOS, including various CVEs that expose how remote code execution (RCE) within a…

  • Hacker News: The ‘Invisibility Cloak’ – Slash-Proc Magic

    by

    system automation
    in

    Source URL: https://dfir.ch/posts/slash-proc/ Source: Hacker News Title: The ‘Invisibility Cloak’ – Slash-Proc Magic Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text provides a technical exploration of a process-hiding technique using bind mounts in Linux, highlighting its implications for forensic investigations. It elucidates how malicious actors can utilize this approach to manipulate process…

  • Schneier on Security: AI Industry is Trying to Subvert the Definition of “Open Source AI”

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/ai-industry-is-trying-to-subvert-the-definition-of-open-source-ai.html Source: Schneier on Security Title: AI Industry is Trying to Subvert the Definition of “Open Source AI” Feedly Summary: The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done…

  • Hacker News: Perceptually lossless (talking head) video compression at 22kbit/s

    by

    system automation
    in

    Source URL: https://mlumiste.com/technical/liveportrait-compression/ Source: Hacker News Title: Perceptually lossless (talking head) video compression at 22kbit/s Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses the recent advancements in the LivePortrait model for animating still images and its implications for video compression, particularly in the realm of deepfake technology. This innovation presents significant…

  • Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/07/cisa-adds-four-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43093 Android Framework Privilege Escalation Vulnerability CVE-2024-51567 CyberPanel Incorrect Default Permissions Vulnerability CVE-2019-16278 Nostromo nhttpd Directory Traversal Vulnerability CVE-2024-5910 Palo Alto Expedition Missing…