Cybersecurity Products Conking Out After macOS Sequoia Update

September 23, 2024 at 07:55AM macOS 15 Sequoia’s release has caused disruptions for cybersecurity software and network connectivity. Users reported issues with security solutions from CrowdStrike, ESET, Microsoft, and SentinelOne, as well as connectivity problems and browser malfunctions. Apple was aware of the problems, yet still released the update. Workarounds and risks have been suggested … Read more

Students Spot Washing Machine App Flaw That Gives Out Free Cycles

May 20, 2024 at 03:32PM UCSC students Alexander Sherbrooke and Iakov Taranenko discovered a security flaw in CSC ServiceWorks washing machines, allowing for free unlimited laundry cycles. Despite reporting the bug to the company and posting about it on Slug Security, CSC has not responded or fixed the vulnerability. Taranenko highlighted the potential financial impact … Read more

JetBrains keeps mum on 26 ‘security problems’ fixed after Rapid7 spat

March 28, 2024 at 01:29PM Users of JetBrains TeamCity are advised to upgrade to the latest version due to the release of 26 security fixes. However, JetBrains has not revealed specific details about the vulnerabilities, opting for extreme caution following past disclosure drama. The new version also introduces a semi-automatic upgrade feature for on-premises users, … Read more

ML Model Repositories: The Next Big Supply Chain Attack Target

March 18, 2024 at 06:15PM Machine-learning model platforms, such as Hugging Face, are vulnerable to attacks similar to those experienced by npm, PyPI, and other open source repositories. These attacks have been successfully executed by threat actors for years. It seems from the meeting notes that the discussion highlighted the susceptibility of machine-learning model platforms … Read more

JetBrains TeamCity under attack by ransomware thugs after disclosure mess

March 7, 2024 at 11:39AM Security researchers have observed increasing exploit attempts using the latest vulnerabilities in JetBrains’ TeamCity, leading to ransomware deployment. Telemetry indicates active attacks using modified Jasmin ransomware. The uncoordinated disclosure of vulnerabilities between JetBrains and Rapid7 has caused a stir in the cybersecurity community, highlighting contrasting policies regarding vulnerability disclosure. Users … Read more

Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk

November 28, 2023 at 10:12AM Google is disputing a security vendor’s report on a design weakness in Google Workspace that allegedly exposes users to data theft and other security issues. According to Hunters Security, a flaw in Google Workspace’s domain-wide delegation feature allows attackers to steal email, exfiltrate data, and perform unauthorized actions. Google denies … Read more