Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Vagrant Synced Folder Vagrantfile Breakout

This Metasploit module exploits a default Vagrant synced folder (shared folder) to append a Ruby payload to the Vagrant project Vagrantfile config file. By default, unless a Vagrant project explicitly disables shared folders, Vagrant mounts the project directory on the host as a writable vagrant directory on the guest virtual machine. This directory includes the project Vagrantfile configuration file. Ruby code within the Vagrantfile is loaded and executed when a user runs any vagrant command from the project directory on the host, leading to execution of Ruby code on the host.

Packet Storm
Open in Source
#mac#windows#git#auth#ruby
Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue in iOS 16.1 with improved entitlements. Credited with discovering and reporting the bug in August

Post-quantum cryptography: Hash-based signatures

Last quarter, I introduced the issue where our existing public key cryptography algorithms are vulnerable to a potentially new form of computers called quantum computers. In this article I introduce one of the better understood potential replacements: Hash-based signatures.

Point-of-sale malware used to steal 167,000 credit cards

Categories: News Tags: POS Tags: malware Tags: credit card Tags: credit identity theft Tags: C2 Tags: MajikPOS Tags: Treasure Hunter Researchers have discovered the theft of 167,000 sets of credit card detials by MajikPOS and Treasure Hunter POS malware (Read more...) The post Point-of-sale malware used to steal 167,000 credit cards appeared first on Malwarebytes Labs.

Apple MacOS Ventura Bug Breaks Third-Party Security Tools

Your anti-malware software may not work if you upgraded to the new operating system. But Apple says a fix is on the way.

Google Chrome Pays $57K (and Counting) in Bug Bounties for Latest Update

Chrome's Stable Channel 107 rollout includes security fixes from a slew of independent researchers, racking up nearly $60,000 in bounties.

Ransomware Gangs Ramp Up Industrial Attacks in US

The manufacturing segment was especially hard hit by cyberattacks in the third quarter of 2022.

Cisco Warns AnyConnect VPNs Under Active Cyberattack

Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.

Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security

As more of the software stack consists of third-party code, it's time for a more-advanced open source vetting system.

BlackBerry Launches Cyber Threat Intelligence Service to Strengthen Cyber Defenses

New service from BlackBerry's Threat Research and Intelligence Team reduces unknowns to enhance detection and response.