Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat models, according to ETH Zurich researchers Kenneth G. Paterson, Matteo Scarlata, and Kien Tuong Truong,

The Hacker News
Open in Source
#web#ios#android#auth#sap#ssl#The Hacker News
Latest Firmware Flaws in Qualcomm Snapdragon Need Attention

The issue concerns the boot layer of ARM chips, which are driving a low-power mobile ecosystem that includes 5G smartphones and base stations.

Attackers Are Already Exploiting ChatGPT to Write Malicious Code

The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.

WhatsApp Subverts Censorship with New Proxy Feature

By Habiba Rashid The new feature is specifically meant to help people maintain access to WhatsApp even if they are living in a repressive regime where internet shutdowns are common. This is a post from HackRead.com Read the original post: WhatsApp Subverts Censorship with New Proxy Feature

Debian Security Advisory 5311-1

Debian Linux Security Advisory 5311-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in HTTP request smuggling, cache poisoning or denial of service.

Red Hat Security Advisory 2022-9111-01

Red Hat Security Advisory 2022-9111-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.54. Issues addressed include a code execution vulnerability.

A week in security (January 1 - 8)

Categories: News Tags: Lock and Code S04E01 Tags: LastPass breach Tags: Okta breach Tags: VPN Tags: Synology Tags: fake Flipper Zero Tags: cyber insurance Tags: Wordpress plugin Tags: Twitter data dump Tags: Twitter The most interesting security related news from the week of January 1 to 8. (Read more...) The post A week in security (January 1 - 8) appeared first on Malwarebytes Labs.

CVE-2014-125067

A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The name of the patch is d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639.

CISOs Are Focused on These 3 Trends. Are You?

The macro issues shaping the threat landscape can help security pros reset their priorities and reformulate strategy.

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42