Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Smart home assistants at risk from "NUIT" ultrasound attack

Categories: News Tags: ultrasound Tags: NUIT Tags: speakers Tags: microphone Tags: device Tags: IoT Tags: assistant Tags: alexa Tags: siri Tags: google Tags: silent We take a look at research for an IoT attack called NUIT, capable of hijacking voice assistants via ultrasonic attack. (Read more...) The post Smart home assistants at risk from "NUIT" ultrasound attack appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#web#apple#google#auth
Top Tech Talent Warns of AI's Threat to Human Existence in Open Letter

Elon Musk, Steve Wozniak, and Andrew Yang are among more than 1,000 tech leaders asking for time to establish human safety parameters around AI.

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Beware of MacStealer: A New Malware Targeting macOS Catalina Devices

By Deeba Ahmed The new MacStealer malware is being advertised on a notorious Russian hacker and cybercrime forum. This is a post from HackRead.com Read the original post: Beware of MacStealer: A New Malware Targeting macOS Catalina Devices

CVE-2023-27232: ttt/32 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.

CVE-2023-27229: ttt/30 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.

CVE-2023-27231: ttt/31 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.

MacStealer Malware Plucks Bushels of Data From Apple Users

A novel cyber threat against macOS users is being sold for $100 a pop on the Dark Web, and activity is ramping up.

CVE-2022-23122: Netatalk Release Notes

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.

CVE-2022-23121: ZDI-22-527

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.