#security-vulnerabilities

[ follow ]
#cybersecurity #remote-code-execution #privacy #data-privacy #patch-tuesday #bitchat #jack-dorsey #cve #vpn
Information security
fromZDNET
3 days ago

These popular free VPNs all share the same shady security practices - here's why

Multiple widely downloaded VPN apps share parent companies and contain security vulnerabilities like hard-coded Shadowsocks keys.
Artificial intelligence
fromFuturism
4 days ago

Exactly Six Months Ago, the CEO of Anthropic Said That in Six Months AI Would Be Writing 90 Percent of Code

AI has not replaced most software development; it often slows engineers, increases workload, and introduces security vulnerabilities and operational failures.
fromArs Technica
6 days ago

Former WhatsApp security boss sues Meta for "systemic cybersecurity failures"

The letter outlined not only the improper access engineers had to WhatsApp user data, but a variety of other shortcomings, including a "failure to inventory user data," as required under privacy laws in California, the European Union, and the FTC settlement, failure to locate data storage, an absence of systems for monitoring user data access, and an inability to detect data breaches that were standard for other companies.
Privacy professionals
Information security
fromTechzine Global
1 week ago

Hackers access Burger King systems with ease

Extensive security flaws at Restaurant Brands International allowed attackers full administrative access across 30,000+ Burger King, Tim Hortons, and Popeyes locations.
fromCSO Online
3 weeks ago

Microsoft fixes the fixes that broke Windows tools

Apart from affected clients running Windows 11 v23H2 and Windows 11 v22H2, the bug affected systems running Windows Server 2022 and Windows Server 2019.
Information security
fromInfoWorld
4 weeks ago

Google adds VM monitoring to Database Center amid enterprise demand

"The holistic visibility helps identify critical security vulnerabilities, improve security posture, and simplify compliance," said Charlie Dai, VP and principal analyst at Forrester.
Privacy professionals
fromComputerworld
1 month ago

For August, a 'complex' Patch Tuesday with 111 updates

Microsoft's August Patch Tuesday release offers 111 fixes affecting Windows, Office, SQL Server, and Exchange Server, requiring immediate attention for several vulnerabilities.
Privacy technologies
fromWIRED
1 month ago

Hackers Went Looking for a Backdoor in High-Security Safes-and Now Can Open Them in Seconds

Researchers James Rowley and Mark Omo uncovered vulnerabilities in Securam Prologic locks, allowing unauthorized access to electronic safes from various brands.
Information security
Privacy technologies
fromWIRED
1 month ago

A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data

Design flaws in streaming service APIs allow unauthorized access to content without subscription.
Ruby on Rails
fromThe Hacker News
1 month ago

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

60 malicious RubyGems packages target unsuspecting users, posing as automation tools to steal credentials.
fromComputerWeekly.com
1 month ago

Attacker could defeat Dell firmware flaws with a vegetable | Computer Weekly

The vulnerabilities on ControlVault USHs were potentially highly dangerous. These laptop models are widely-used in the cybersecurity industry, government settings and challenging environments in their rugged version.
Privacy technologies
Privacy technologies
fromTechCrunch
1 month ago

Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users' data | TechCrunch

Lovense fixed security vulnerabilities that exposed emails and allowed account takeovers but is considering legal action over reported disclosures.
Artificial intelligence
fromThe Hacker News
1 month ago

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

New security flaws in NVIDIA's Triton Inference Server could allow remote control of servers through a series of vulnerabilities.
#cybersecurity
more#cybersecurity
Gadgets
fromThe Verge
1 month ago

DJI couldn't confirm or deny it disguised this drone to evade a US ban

DJI's drones are largely absent from the U.S. market, leading to alternatives like the SkyRover X1, closely resembling DJI products.
fromsfist.com
1 month ago

Sam Altman Warns of Coming AI-Created 'Fraud Crisis'

I am very nervous that we have an impending, significant, impending fraud crisis. A thing that terrifies me is apparently there are still some financial institutions that will accept a voice print as authentication for you to move a lot of money.
Privacy professionals
#bitchat
fromTechCrunch
2 months ago
Privacy technologies

Jack Dorsey says his 'secure' new Bitchat app has not been tested for security | TechCrunch

fromTechCrunch
2 months ago
Privacy technologies

Jack Dorsey says his 'secure' new Bitchat app has not been tested for security | TechCrunch

more#bitchat
Information security
fromTheregister
2 months ago

Veeam fixes another critical RCE bug in Backup & Replication

Users of Veeam Backup & Replication should urgently apply the latest patches to fix a critical remote code execution vulnerability.
Privacy technologies
fromTheregister
2 months ago

Sitecore fixes pre-auth RCE exploits in enterprise CMS

A pre-authentication exploit chain in Sitecore CMS could lead to full system takeover, affecting major companies.
Researchers found hardcoded passwords and other vulnerabilities in Sitecore CMS, posing serious security risks.
fromThe Hacker News
3 months ago

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure vulnerabilities.
Information security
Information security
fromThe Hacker News
3 months ago

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Vulnerabilities in apport and systemd-coredump can let local attackers access sensitive information through race conditions.
Node JS
fromThe Cyber Express
3 months ago

Multer Vulnerabilities Expose Node.js Apps To DoS Attacks

Two critical vulnerabilities in Multer could crash Node.js applications through malformed uploads, emphasizing the need for immediate updates.
Tech industry
fromTheregister
4 months ago

Intel data-leaking Spectre defenses scared off once again

ETH Zurich researchers developed a method to bypass Intel's protections against Spectre vulnerabilities, highlighting ongoing security concerns.
Web frameworks
fromInfoQ
4 months ago

Spring News Roundup: RCs of Spring Boot, Data, Security, Auth, Session, Integration, Web Services

Recent updates in the Spring ecosystem include significant release candidates for Spring Boot and Spring Data, enhancing features and addressing vulnerabilities.
fromTheregister
4 months ago

The splintering of a standard bug tracking system has begun

"Dependence on the largesse of a single, and now volatile, government48;that's a serious flaw. The CVE funding fiasco is a wake-up call for the industry."
Privacy professionals
Apple
fromZDNET
4 months ago

Update your iPhone now to patch a CarPlay glitch and two serious security flaws

iOS 18.4.1 fixes CarPlay issues and crucial security vulnerabilities in iPhones.
London startup
fromDeveloper Tech News
5 months ago

Security flaws hit PyTorch Lightning deep learning framework

PyTorch Lightning has critical security flaws due to deserialisation vulnerabilities, potentially allowing arbitrary code execution from untrusted model files.
[ Load more ]