Cloud Security Alliance News Clipping Site

Tag: firefox

  • The Register: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/19/china_brazenbamboo_fortinet_0day/ Source: The Register Title: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer Feedly Summary: No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet’s Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.… AI…

  • Bulletins: Vulnerability Summary for the Week of October 28, 2024

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/bulletins/sb24-309 Source: Bulletins Title: Vulnerability Summary for the Week of October 28, 2024 Feedly Summary: High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acnoo — flutter_api  Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API:…

  • Hacker News: How to inspect TLS encrypted traffic

    by

    system automation
    in

    Source URL: https://blog.apnic.net/2024/10/14/how-to-inspect-tls-encrypted-traffic/ Source: Hacker News Title: How to inspect TLS encrypted traffic Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses various methods for decrypting TLS traffic to inspect potentially malicious communications, focusing on the strengths and limitations of each method. It is particularly relevant for professionals in cybersecurity, networking, and…

  • Simon Willison’s Weblog: Initial explorations of Anthropic’s new Computer Use capability

    by

    system automation
    in

    Source URL: https://simonwillison.net/2024/Oct/22/computer-use/#atom-everything Source: Simon Willison’s Weblog Title: Initial explorations of Anthropic’s new Computer Use capability Feedly Summary: Two big announcements from Anthropic today: a new Claude 3.5 Sonnet model and a new API mode that they are calling computer use. (They also pre-announced Haiku 3.5, but that’s not available yet so I’m ignoring it…

  • The Register: macOS HM Surf vuln might already be under exploit by major malware family

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/21/microsoft_macos_hm_surf/ Source: The Register Title: macOS HM Surf vuln might already be under exploit by major malware family Feedly Summary: Like keeping your camera and microphone private? Patch up In revealing details about a vulnerability that threatens the privacy of Apple fans, Microsoft urges all macOS users to update their systems.… AI Summary…

  • Microsoft Security Blog: New macOS vulnerability, “HM Surf”, could lead to unauthorized data access

    by

    system automation
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/ Source: Microsoft Security Blog Title: New macOS vulnerability, “HM Surf”, could lead to unauthorized data access Feedly Summary: Microsoft Threat Intelligence uncovered a macOS vulnerability that could potentially allow an attacker to bypass the operating system’s Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data. The…

  • Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/10/15/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credential Vulnerability These…

  • The Register: Mozilla patches critical Firefox vuln that attackers are already exploiting

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/10/firefixed_mozilla_patches_critical_firefox/ Source: The Register Title: Mozilla patches critical Firefox vuln that attackers are already exploiting Feedly Summary: Firefixed: It’s maintenance time for low-complexity, high-impact security flaw It’s patch time for Firefox fans as Mozilla issues a security advisory for a critical code execution vulnerability in the browser.… AI Summary and Description: Yes Summary:…

  • Hacker News: Mozilla fixes Firefox zero-day actively exploited in attacks

    by

    system automation
    in

    Source URL: https://www.bleepingcomputer.com/news/security/mozilla-fixes-firefox-zero-day-actively-exploited-in-attacks/ Source: Hacker News Title: Mozilla fixes Firefox zero-day actively exploited in attacks Feedly Summary: Comments AI Summary and Description: Yes Summary: Mozilla has released an emergency update for Firefox to patch a serious use-after-free vulnerability (CVE-2024-9680) that is actively exploited by attackers. This flaw allows unauthorized code execution due to improper memory…

  • Slashdot: Mozilla Hit With Privacy Complaint In EU Over Firefox Tracking Tech

    by

    system automation
    in

    Source URL: https://tech.slashdot.org/story/24/09/27/002223/mozilla-hit-with-privacy-complaint-in-eu-over-firefox-tracking-tech?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Mozilla Hit With Privacy Complaint In EU Over Firefox Tracking Tech Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a complaint filed against Mozilla by the EU privacy group noyb for allegedly violating GDPR by enabling user tracking in Firefox without proper consent. This raises significant…