Students Spot Washing Machine App Flaw That Gives Out Free Cycles

May 20, 2024 at 03:32PM

UCSC students Alexander Sherbrooke and Iakov Taranenko discovered a security flaw in CSC ServiceWorks washing machines, allowing for free unlimited laundry cycles. Despite reporting the bug to the company and posting about it on Slug Security, CSC has not responded or fixed the vulnerability. Taranenko highlighted the potential financial impact …

JetBrains keeps mum on 26 ‘security problems’ fixed after Rapid7 spat

March 28, 2024 at 01:29PM

Users of JetBrains TeamCity are advised to upgrade to the latest version due to the release of 26 security fixes. However, JetBrains has not revealed specific details about the vulnerabilities, opting for extreme caution following past disclosure drama. The new version also introduces a semi-automatic upgrade feature for on-premises users, …

ML Model Repositories: The Next Big Supply Chain Attack Target

March 18, 2024 at 06:15PM

Machine-learning model platforms, such as Hugging Face, are vulnerable to attacks similar to those experienced by npm, PyPI, and other open source repositories. These attacks have been successfully executed by threat actors for years. It seems from the meeting notes that the discussion highlighted the susceptibility of machine-learning model platforms …

JetBrains TeamCity under attack by ransomware thugs after disclosure mess

March 7, 2024 at 11:39AM

Security researchers have observed increasing exploit attempts using the latest vulnerabilities in JetBrains’ TeamCity, leading to ransomware deployment. Telemetry indicates active attacks using modified Jasmin ransomware. The uncoordinated disclosure of vulnerabilities between JetBrains and Rapid7 has caused a stir in the cybersecurity community, highlighting contrasting policies regarding vulnerability disclosure. Users …

Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk

November 28, 2023 at 10:12AM

Google is disputing a security vendor’s report on a design weakness in Google Workspace that allegedly exposes users to data theft and other security issues. According to Hunters Security, a flaw in Google Workspace’s domain-wide delegation feature allows attackers to steal email, exfiltrate data, and perform unauthorized actions. Google denies …