Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-33355: There is unauthorized access to the API, resulting in the disclosure of sensitive information · Issue #7 · Thecosy/IceCMS

IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information.

CVE
Open in Source
#mac#auth
Cynet Protects Hospital From Lethal Infection

A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported by Windows XP and Windows 7 machines. Cynet protections were in place on most of the Windows XP and Windows 7 machines during the upgrade process, ensuring that legacy operating systems would not

CVE-2023-27529: Wacom Global

Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege.

China's Stealthy Hackers Infiltrate U.S. and Guam Critical Infrastructure Undetected

A stealthy China-based group managed to establish a persistent foothold into critical infrastructure organizations in the U.S. and Guam without being detected, Microsoft and the "Five Eyes" nations said on Wednesday. The tech giant's threat intelligence team is tracking the activity, which includes post-compromise credential access and network system discovery, under the name Volt Typhoon. The

The Security Hole at the Heart of ChatGPT and Bing

Indirect prompt-injection attacks can leave people vulnerable to scams and data theft when they use the AI chatbots.

CVE-2023-2734: flutter-woo.php in mstore-api/tags/3.9.0/controllers – WordPress Plugin Repository

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.

CVE-2023-33248: International Conference on Cloud, IoT and Security (CIOS 2023)

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.

'Volt Typhoon' China-Backed APT Infiltrates US Critical Infrastructure Orgs

According to Microsoft and researchers, the state-sponsored threat actor could very well be setting up a contingency plan for disruptive attacks on the US in the wake of an armed conflict in the South China Sea.

CVE-2023-1944: GitHub - kubernetes/minikube: Run Kubernetes locally

This vulnerability enables ssh access to minikube container using a default password.

CVE-2023-1174: [Security Advisory] CVE-2023-1174, CVE-2023-1944: Network port exposure and ssh access using default password

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.