Aggregator

CVE-2024-23293 | Apple iOS/iPadOS Siri state issue

2 months 1 week ago

A vulnerability identified as problematic has been detected in Apple iOS and iPadOS. This vulnerability affects unknown code of the component Siri. This manipulation causes state issue. This vulnerability is tracked as CVE-2024-23293. It is feasible to perform the attack on the physical device. No exploit exists. You should upgrade the affected component.

vuldb.com

CVE-2024-23293 | Apple macOS Siri state issue

Vuldb Updates

2 months 1 week ago

A vulnerability labeled as problematic has been found in Apple macOS. This issue affects some unknown processing of the component Siri. Such manipulation leads to state issue. This vulnerability is listed as CVE-2024-23293. The attack can be executed directly on the physical device. There is no available exploit. The affected component should be upgraded.

vuldb.com

CVE-2024-23291 | Apple tvOS Notifications log file

Vuldb Updates

2 months 1 week ago

A vulnerability described as problematic has been identified in Apple tvOS. The affected element is an unknown function of the component Notifications Handler. Executing a manipulation can lead to sensitive information in log files. This vulnerability is registered as CVE-2024-23291. The attack needs to be launched locally. No exploit is available. Upgrading the affected component is recommended.

vuldb.com

CVE-2024-23291 | Apple iOS/iPadOS Notifications log file

Vuldb Updates

2 months 1 week ago

A vulnerability classified as problematic has been found in Apple iOS and iPadOS. The impacted element is an unknown function of the component Notifications Handler. The manipulation leads to sensitive information in log files. This vulnerability is documented as CVE-2024-23291. The attack needs to be performed locally. There is not any exploit available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2024-23291 | Apple macOS Notifications log file

Vuldb Updates

2 months 1 week ago

A vulnerability classified as problematic was found in Apple macOS. This affects an unknown function of the component Notifications Handler. The manipulation results in sensitive information in log files. This vulnerability is reported as CVE-2024-23291. The attack requires a local approach. No exploit exists. Upgrading the affected component is advised.

vuldb.com

CVE-2024-23291 | Apple watchOS Notifications log file

Vuldb Updates

2 months 1 week ago

A vulnerability, which was classified as problematic, has been found in Apple watchOS. This impacts an unknown function of the component Notifications Handler. This manipulation causes sensitive information in log files. This vulnerability appears as CVE-2024-23291. The attack requires local access. There is no available exploit. It is advisable to upgrade the affected component.

vuldb.com

CVE-2024-23290 | Apple watchOS access control

Vuldb Updates

2 months 1 week ago

A vulnerability identified as critical has been detected in Apple watchOS. The affected element is an unknown function. Performing a manipulation results in improper access controls. This vulnerability is identified as CVE-2024-23290. The attack is only possible with local access. There is not any exploit available. You should upgrade the affected component.

vuldb.com

Посмотрели кино – отдали телефон. Видеокарта в Android научилась раздавать права доступа кому попало

Securitylab.ru

2 months 1 week ago

Закрытая уязвимость в Android все еще тревожит специалистов.

对话特赞范凌：我亲手「杀死」了过去的自己，AI 时代所有的留恋都是负担

极客公园

2 months 1 week ago

当所有人都能调用 AI 时，什么才是你真正的护城河？

AiLock

Dark Feed IO

2 months 1 week ago

You must login to view this content

cohenido

AiLock

Dark Feed IO

2 months 1 week ago

You must login to view this content

cohenido

白帽成长培养体系上线！BSRC奖励规则v9.0来咯！

百度安全应急响应中心

2 months 1 week ago

《百度安全应急响应中心漏洞奖励细节V9.0》全新升级！

Microsoft still working to fix Exchange Online mailbox access issues

Bleeping Computer.

2 months 1 week ago

Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. [...]

Sergiu Gatlan

Malicious Chrome Extension “ChatGPT Ad Blocker” Steals ChatGPT Conversations

Cyber Security News

2 months 1 week ago

As OpenAI introduces advertisements to its free tier, cybercriminals are seizing the opportunity to trick users with fake utility tools. Security researchers have discovered a malicious Google Chrome extension named “ChatGPT Ad Blocker.” While it claims to hide unwanted ads, its true purpose is to steal private user conversations and send them to a hidden […]

The post Malicious Chrome Extension “ChatGPT Ad Blocker” Steals ChatGPT Conversations appeared first on Cyber Security News.

Abinaya

Company that Secretly Records and Publishes Zoom Meetings

不安全

2 months 1 week ago

好的，我现在需要帮用户总结一篇关于WebinarTV的文章，控制在100字以内。首先，我得仔细阅读文章内容，理解主要信息。文章提到WebinarTV通过互联网搜索公开的Zoom会议邀请，加入这些会议后秘密录制，并发布这些录音。重要的是，他们没有使用Zoom的内置录制功能，所以Zoom无法采取措施阻止。接下来，我需要将这些关键点浓缩成一句话。要确保涵盖公司名称、行为、技术手段以及影响。同时，语言要简洁明了，避免使用复杂的术语。可能的结构是：公司名称 + 行为 + 技术手段 + 影响。例如，“WebinarTV秘密录制并发布公开Zoom会议，利用非Zoom功能规避监管。” 检查字数是否在限制内，并确保信息准确无误。最后，确认没有使用任何开头词如“这篇文章总结了...”，直接描述内容。 WebinarTV秘密录制并发布公开Zoom会议，利用非Zoom功能规避监管。

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The Hackers News

2 months 1 week ago

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a

The Hacker News