Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

A suicide reveals the lonely side of AI chatbots, with Courtney Brown (Lock and Code S06E03)

This week on the Lock and Code podcast, we speak with Courtney Brown about whether an AI chatbot can be blamed for a teenager's suicide.

Malwarebytes
Open in Source
#ios#mac
Analyst Burnout Is an Advanced Persistent Threat

For too long, we've treated our analysts as mere cogs in a machine, expecting them to conform to the limitations of our tools and processes. It's time to revolutionize security operations.

Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t

By Aleksandar Nikolich Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that are available over USB can only still support network printing

The Rise of the Drone Boats

Swarms of weaponized unmanned surface vessels have proven formidable weapons in the Black and Red Seas. Can the US military learn the right lessons from it?

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "

ASP.NET Vulnerability Lets Hackers Hijack Servers, Inject Malicious Code

Microsoft cybersecurity experts have identified a vulnerability flaw affecting ASP.NET applications, putting thousands of web servers at risk.…

Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE

Developers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection.

Behavioral Analytics in Cybersecurity: Who Benefits Most?

As the cost of data breaches continues to climb, the role of user and entity behavioral analytics (UEBA) has never been more important.

Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET

GHSA-c7w4-9wv8-7x7c: WhoDB allows parameter injection in DB connection URIs leading to local file inclusion

### Summary The application is vulnerable to parameter injection in database connection strings, which allows an attacker to read local files on the machine the application is running on. ### Details The application uses string concatenation to build database connection URIs which are then passed to corresponding libraries responsible for setting up the database connections. This string concatenation is done unsafely and without escaping or encoding the user input. This allows an user, in many cases, to inject arbitrary parameters into the URI string. These parameters can be potentially dangerous depending on the libraries used. One of these dangerous parameters is `allowAllFiles` in the library `github.com/go-sql-driver/mysql`. Should this be set to `true`, the library enables running the `LOAD DATA LOCAL INFILE` query on any file on the host machine (in this case, the machine that WhoDB is running on). Source: https://github.com/go-sql-driver/mysql/blob/7403860363ca112af503b4612...