A mishandled GitHub token exposed Mercedes-Benz source code

January 30, 2024 at 01:46PM A mishandled GitHub token granted unrestricted access to Mercedes-Benz’s internal GitHub Enterprise Service, exposing sensitive source code. RedHunt Labs discovered and reported the security breach, prompting Mercedes-Benz to revoke the token and remove the public repository. The leak could have severe consequences, including reverse-engineering proprietary technology, potential GDPR infringement, and …

Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords

January 29, 2024 at 09:17AM A Microsoft Outlook security flaw, CVE-2023-35636, recently patched by Microsoft, could expose NTLM v2 hashed passwords through a specially crafted file. Attackers could exploit it via email or web, convincing users to open the file or click a link. Varonis researcher Dolev Taler reported the bug, highlighting potential leakage vulnerabilities. …

Hacker Conversations: HD Moore and the Line Between Black and White

January 16, 2024 at 07:36AM The definition of a hacker is explored in an interview with HD Moore, who highlights the distinctions between moral, amoral, and immoral hacking based on intent and actions. He recounts his upbringing, early experiences of exploring technology, and the ethical dilemmas faced. The interview delves into the legal implications and …

In Other News: WEF’s Unsurprising Cybersecurity Findings, KyberSlash Cryptography Flaw

January 12, 2024 at 09:46AM A weekly cybersecurity roundup by SecurityWeek provides a concise compilation of noteworthy stories often overlooked. This week’s roundup includes the WEF’s cybersecurity report, a Kyber vulnerability, a self-spreading botnet, Iranian APT attacking Albania, North Korean crypto theft, a new cybersecurity institute, disclosures of vulnerabilities, reports from Cloudflare, and patches for …

Infoseccers think attackers backed by China are behind Ivanti zero-day exploits

January 11, 2024 at 10:28AM Chinese nation-state attackers have been exploiting two zero-day vulnerabilities in Ivanti’s security products, particularly affecting Ivanti Connect Secure (ICS) and Policy Secure. The US Cybersecurity and Infrastructure Security Agency (CISA) has advised users to apply the current workaround. Ivanti’s patches for the vulnerabilities are staggered, and organizations are urged to …

Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution

January 5, 2024 at 03:27AM Ivanti has issued security updates for a critical flaw in its Endpoint Manager solution, posing a remote code execution risk. The vulnerability, rated 9.6 on the CVSS scale, affects EPM 2021 and 2022 prior to SU5. Ivanti also addressed multiple security flaws in its Avalanche enterprise mobile device management solution, …

The Unlikely Romance of Hackers and Government Suitors

December 14, 2023 at 10:08AM The annual Hack the Capitol event brings together scientists, hackers, and policymakers to educate about critical cybersecurity challenges. The convergence of AI, security concerns, and policy efforts is evident. Public support for new policy guardrails has reinforced government and industry involvement with bug bounties. Government agencies have stepped up to …

New 5G Modems Flaws Affect iOS Devices and Android Models from Major Brands

December 8, 2023 at 01:00PM A set of security vulnerabilities in 5G mobile modems from major chipset vendors like MediaTek and Qualcomm, dubbed 5Ghoul, affects USB, IoT modems, and numerous smartphone models. The vulnerabilities, disclosed by researchers from SUTD, could allow for continuous or downgraded attacks. Patches have been released for most flaws, impacting product …

Unpatched Loytec Building Automation Flaws Disclosed 2 Years After Discovery

December 5, 2023 at 09:24AM Two years post-discovery, details on 10 unpatched vulnerabilities in Loytec building automation products were made public. 1. There are 10 unpatched vulnerabilities that have been found in Loytec building automation products. 2. The details of these vulnerabilities have been publicly disclosed. 3. The disclosure occurred …

Google Patches Another Chrome Zero-Day as Browser Attacks Mount

November 29, 2023 at 03:28PM Google has revealed another actively exploited Chrome zero-day vulnerability (CVE-2023-6345) due to an integer overflow in Skia graphics. It’s the seventh zero-day patched this year amidst numerous critical browser flaws disclosed by major tech companies. Growing browser usage and Chromium’s shared base have heightened interest among attackers, leading to increased …