Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Implementing Identity Continuity With the NIST Cybersecurity Framework

Having a robust identity continuity plan is not just beneficial but essential for avoiding financially costly and potentially brand-damaging outages.

DARKReading
Open in Source
#web#ios#oracle#auth
Extending Red Hat Unified Kernel Images More Securely By Using Addons

With the advent of Confidential Virtual Machines (CVMs) in RHEL, a new challenge has emerged: Extending the Red Hat UKI (Unified Kernel Image) more safely and without compromising its security footprint. Starting with Red Hat 9.4, the systemd package (252-31 and onwards) supports UKI addons, which aim to solve this issue.In this blog, I explore the addons that enable safer extension of the UKI kernel command line.What is the Unified Kernel Image (UKI)?The linux kernel is the core of any Linux operating system. It's the interface between the hardware and the processes running on it, providing m

Siri Bug Enables Data Theft on Locked Apple Devices

Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device.

GHSA-r49h-6qxq-624f: Weave server API vulnerable to arbitrary file leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin.

GHSA-wf3x-jccf-5g5g: XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader

### Impact When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user uploading the attachment. While this allows performing actions in the name of that user, it seems unlikely that a user wouldn't notice the malicious filename while uploading the attachment. In order to reproduce, as any user, create a file named `"><img src=1 onerror=alert(1)>.jpg`. Then go to any page where you have edit rights and upload the file in the attachments tab. If alerts appear and display "1", then the instance is vulnerable. ### Patches This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. ### Workarounds We're not aware of any workaround except upgrading. ### References * https://jira.xwiki.org/browse/XWIKI-19611 * https://jira.xwiki.org/browse/XWIKI-21769 * h...

Would Making Ransom Payments Illegal Result in Fewer Attacks?

If paying a ransom is prohibited, organizations won't do it — eliminating the incentive for cybercriminals. Problem solved, it seems. Or is it?

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now!

Apple has released security updates that patch vulnerabilities in Siri and VoiceOver that could be used to access sensitive user data.

Debian Security Advisory 5734-2

Debian Linux Security Advisory 5734-2 - The security update announced as DSA 5734-1 caused a regression on configurations using the Samba DLZ module. Updated packages are now available to correct this issue.