December 11, 2024 at 01:33PM Apple’s iPadOS 17.7.3 update, releasing on December 11, 2024, addresses multiple vulnerabilities (CVE-2024-44201, CVE-2024-54486, among others) affecting iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch, and iPad 6th gen. Issues include memory disclosure, kernel state leakage, denial of service, and unexpected crashes. ### Meeting Notes Summary **Apple ID**: 121838 **Release … Read more
October 15, 2024 at 01:51PM Apple released a security update for tvOS 17.6 on July 29, 2024, addressing several vulnerabilities (CVE-2024-40774, 40799, 40815, etc.) that could allow apps to bypass privacy settings, cause app terminations, reveal kernel memory layout, or enable cross-site scripting attacks. Update is available for Apple TV HD and 4K models. ### … Read more
October 14, 2024 at 12:56PM Researchers from the University of Texas discovered the “ConfusedPilot” attack, which targets retrieval augmented generation (RAG)-based AI systems by introducing malicious documents. This manipulation can confuse AI responses, leading to misinformation. Current mitigation strategies include strict data access controls, integrity audits, and data segmentation to protect organizational information. **Meeting Takeaways: … Read more
June 28, 2024 at 10:45AM GetReal Labs, a startup combating manipulated content and deepfakes, has emerged from stealth mode after being incubated by Ballistic Ventures and UC Berkeley Professor Hany Farid. With a focus on authenticating content and detecting deception, the company aims to protect organizations and users worldwide, particularly in financial, media, and government … Read more
April 30, 2024 at 01:32PM Since early 2021, three large-scale campaigns targeted Docker Hub users by planting millions of repositories containing malware and phishing sites. JFrog researchers discovered that 20% of Docker Hub’s 15 million repositories had malicious content. They identified nearly 4.6 million repositories with no Docker images, linked to three major malicious campaigns. … Read more
January 31, 2024 at 01:34PM Summary: Apple released an update on January 31, 2024, addressing CVE-2024-23222, a type confusion issue in WebKit. The update includes improved checks to prevent arbitrary code execution from malicious web content. Apple is investigating reports of potential exploitation and has made the update available for Apple Vision Pro. Based on … Read more
January 24, 2024 at 02:48PM “VexTrio, a previously unknown Traffic Distribution System (TDS), has been active since 2017, aiding 60 affiliates in cybercrime operations through a massive network of 70,000 sites. This highly pervasive entity partners with cybercrime campaigns and operators, utilizing various deceptive tactics to generate revenue and make detection challenging. Mitigation strategies include … Read more