Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

MSI Data Breach: Private Code Signing Keys Leaked on the Dark Web

The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. "Confirmed, Intel OEM private key leaked, causing an impact on the entire ecosystem," Alex Matrosov, founder and CEO of firmware security firm Binarly, said in a tweet over the weekend. "It appears that Intel Boot Guard may not be

The Hacker News
Open in Source
#web#ios#intel#lenovo#bios#The Hacker News
CVE-2023-22791

A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker.

FICO Origination Manager Decision Module 4.8.1 XSS / Session Hijacking

Multiple persistent cross site scripting vulnerabilities in FICO Origination Manager Decision Module version 4.8.1 allow an attacker to execute code in the context of the victim's browser using a crafted payload. Additionally, an attacker with initial access to the application, can get the JSESSIONID cookie of another user and take over their session. These two findings can be chained together.

A week in security (May 1 - 7)

Categories: News The most interesting security related news of the week from May 1 till 7 (Read more...) The post A week in security (May 1 - 7) appeared first on Malwarebytes Labs.

CVE-2023-30257: Rooting the FiiO M6 - Part 2 - Writing an LPE Exploit For Our Overflow Bug

A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root.

CVE-2023-32290: mailbox.org discovers unencrypted password transmission in myMail | mailbox.org

The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server.

Russian ‘Ghost Ships’ Identified Near the Nord Stream Blasts

Plus: Apple and Google plan to stop AirTag stalking, Meta violated the FTC’s privacy order, and how to tell if your car is tracking you.

Google and Apple cooperate to address unwanted tracking

Categories: News Categories: Privacy Tags: Google Tags: Apple Tags: AirTag Tags: Tile Tags: Samsung Tags: Bluetooth Tags: trackers Tags: stalking Tags: car thieves Google and Apple want to create a specification for tech that alerts users when they're being tracked by AirTags and similar devices. (Read more...) The post Google and Apple cooperate to address unwanted tracking appeared first on Malwarebytes Labs.

Transferring WhatsApp Data Between Android and iPhone [2023]

By ghostadmin When you transfer data from an Android to an iOS device, the Move to an iOS app is… This is a post from HackRead.com Read the original post: Transferring WhatsApp Data Between Android and iPhone [2023]

Doctors Behind Mifepristone Ban Called ‘Christians’ a Top Threat

Leaked documents reveal that the American College of Pediatricians viewed “mainstream medicine” and “nominal Christians” as its opposition.