Aggregator

A vulnerability was found in Apple iOS and iPadOS. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-40785. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS and classified as critical. Affected by this issue is some unknown functionality of the component Private Browsing Tab Handler. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-44202. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

From predictive analytics to hyper-personalized content delivery, organizations are reimagining how they communicate security solutions. Discover how AI is revolutionizing cybersecurity marketing strategies for 2025 and beyond.

The post The Future of Cybersecurity Marketing: AI-Driven Strategies for 2025 and Beyond appeared first on Security Boulevard.

A week in security (December 2 – December 8)

Масштабы скрытой угрозы удивляют даже опытных ИБ-экспертов.

Ideas and Execution

CERT-AGID 30 novembre – 6 dicembre: il phishing colpisce Intesa Sanpaolo

/r/ReverseEngineering's Weekly Questions Thread

QR codes bypass browser isolation for malicious C2 communication

全面防护：AI驱动持续安全验证，灵活应对万变攻击

7 个不容忽视的开源安全工具

ByePhotos – 找出 iPhone 相册中的重复照片，还支持压缩视频[限免中]

今日暂未更新资讯~
更多最新文章，请访问SecWiki

Counter Claims to have Leaked the Data of Tourpay

Microsoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve defenses against prompt injection attacks. The setup and the challenge LLMail is a simulated email client that includes an LLM-powered assistant that can answer questions based on the users’ emails. “In this challenge, participants take the role of an attacker who can send an email to the (victim) user. The … More →

The post Microsoft: “Hack” this LLM-powered service and get paid appeared first on Help Net Security.

Когда смартфон становится идеальным оружием для высокоточных атак.

A vulnerability was found in Palo Alto PAN-OS, Prisma Access and Cloud NGFW and classified as critical. This issue affects some unknown processing of the component VPN Connection Handler. The manipulation leads to improper verification of source of a communication channel. The identification of this vulnerability is CVE-2024-0009. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto PAN-OS, Prisma Access and Cloud NGFW. It has been classified as problematic. Affected is an unknown function of the component Management Interface. The manipulation leads to session expiration. This vulnerability is traded as CVE-2024-0008. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto PAN-OS, Prisma Access and Cloud NGFW. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component GlobalProtect Portal. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-0010. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Palo Alto PAN-OS, Prisma Access and Cloud NGFW. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-0011. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.