Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

How Art Appreciation Supplements Cybersecurity Skills

Using different parts of our brains gives us different perspectives on the world around us and new approaches to the problems we face in security.

DARKReading
Open in Source
#apple#auth
GHSA-r6wx-627v-gh2f: Directus has an HTML Injection in Comment

### Summary The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. ### Details The Comment feature implements a character filter on the client-side, this can be bypassed by directly sending a request to the endpoint. Example Request: ``` PATCH /activity/comment/3 HTTP/2 Host: directus.local { "comment": "<h1>TEST <p style=\"color:red\">HTML INJECTION</p> <a href=\"//evil.com\">Test Link</a></h1>" } ``` Example Response: ```json { "data": { "id": 3, "action": "comment", "user": "288fdccc-399a-40a1-ac63-811bf62e6a18", "timestamp": "2023-09-06T02:23:40.740Z", "ip": "10.42.0.1", "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36", "collection": "directus_files", "item": "7247dda1-c386-4e7a-...

Chinese Hackers Breach US Firm, Maintain Network Access for Months

SUMMARY A large U.S. company with operations in China fell victim to a large-scale cyberattack earlier this year,…

Bypass Bug Revives Critical N-Day in Mitel MiCollab

A single barrier prevented attackers from exploiting a critical vulnerability in an enterprise collaboration platform. Now there's a workaround.

CISA Issues Guidance to Telecom Sector on Salt Typhoon Threat

Individuals concerned about the privacy of their communications should consider using encrypted messaging apps and encrypted voice communications, CISA and FBI officials say.

Russian FSB Hackers Breach Pakistan's APT Storm-0156

Parasitic advanced persistent threat Secret Blizzard accesses another APT's infrastructure and steals what it has stolen from South Asian government and military targets.

Pegasus Spyware Infections Proliferate Across iOS, Android Devices

The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.

Are We on the Brink of Saying Goodbye to Passwords?

Explore the transition from passwords to a passwordless future: enhanced security, convenience, and cutting-edge innovations in biometrics and…

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

The Role of Salesforce Implementation in Digital Transformation

Companies today constantly look for ways to improve their work with customers and perform better overall. The transition…