Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

The Low Threshold for Face Recognition in New Delhi

Police in India's capital say they only require an 80 percent accuracy rate for matches, raising new alarm bells for civil liberty advocates.

Wired
Open in Source
#mac
CVE-2022-30036: Pwning a $60,000 Lighting Console in a Few Minutes

MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability.

DeepSurface Adds Risk-Based Approach to Vulnerability Management

DeepSurface’s Tim Morgan explains how network complexity and cloud computing have contributed to the challenge, and how automation can help.

New Grandoreiro Banking Malware Campaign Targeting Spanish Manufacturers

Organizations in the Spanish-speaking nations of Mexico and Spain are in the crosshairs of a new campaign designed to deliver the Grandoreiro banking trojan.  "In this campaign, the threat actors impersonate government officials from the Attorney General's Office of Mexico City and from the Public Ministry in the form of spear-phishing emails in order to lure victims to download and execute '

Janet Jackson’s ‘Rhythm Nation’ Can Crash Old Hard Drives

Plus: The Twilio hack snags a reporter, a new tool to check for spyware, and the Canadian weed pipeline gets hit by a cyberattack.

Intel Adds New Circuit to Chips to Ward Off Motherboard Exploits

The countermeasure, which compares the time and voltage at which circuits are activated, is being implemented in 12th Gen Intel Core processors.

CVE-2022-2793

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.

Threat Roundup for August 12 to August 19

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 12 and Aug. 19. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 2...

Patch Now: 2 Apple Zero-Days Exploited in Wild

The fact that the flaws enable remote code execution, exist across all major Apple OS technologies, and are being actively exploited heightens the need for a quick response.

Apple Security Advisory 2022-08-18-1

Apple Security Advisory 2022-08-18-1 - Safari 15.6.1 addresses code execution and out of bounds write vulnerabilities.