Cyberveille

Apple Patches Vision Pro Vulnerability Used in Possibly ‘First Ever Spatial Computing Hack’ https://www.securityweek.com/apple-patches-vision-pro-vulnerability-used-in-first-ever-spatial-computing-hack/

13/06/2024 16:32:27

Apple on Monday updated visionOS, the operating system powering its Vision Pro virtual reality headset, to version 1.2, which addresses several vulnerabilities, including what may be the first security flaw that is specific to this product.

visionOS 1.2 patches nearly two dozen vulnerabilities. However, a vast majority of them are in components that visionOS shares with other Apple products, such as iOS, macOS and tvOS.

Cyber Army of Russia — DDoS Tool. The «Cyber Army of Russia» (or… | by PJ) https://medium.com/@PJ04857920/cyber-army-of-russia-ddos-tool-3b3050419225

13/06/2024 09:48:12

The «Cyber Army of Russia» (or “people’s Cyber Army”), published their own DDoS-Tool on Wednesday (2023–11–29). According to their post, it is based on the code of the Aura-DDoS tool (used by the…

Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops https://www.404media.co/email/b2f3b3e8-64a2-4f91-b0b7-8c6220721ecb/

12/06/2024 18:24:38

A hacker broke into systems used by Tile, the tracking company, then stole a wealth of customer data and had access to internal company tools.

You’ve Got Mail: Critical Microsoft Outlook Vulnerability Executes as Email is Opened https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability

12/06/2024 16:56:33

Morphisec researchers have identified a critical Microsoft Outlook vulnerability, CVE-2024-30103, and detail its technical impact and recommended actions.

CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability – Horizon3.ai https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29824-deep-dive-ivanti-epm-sql-injection-remote-code-execution-vulnerability/

12/06/2024 16:55:47

CVE-2024-29824 Ivanti EPM SQL Injection Remote Code Execution Vulnerability. This blog details the internals of a SQLi RCE vulnerability.

IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment – The DFIR Report https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/

11/06/2024 21:34:35

Key Takeaways In October 2023, we observed an intrusion that began with a spam campaign, distributing a forked IcedID loader. The threat actor used Impacket’s wmiexec and RDP to install Scree…

The New York Times source code leaked by a 4chan user https://stackdiary.com/the-new-york-times-source-code-leaked-by-a-4chan-user/

11/06/2024 20:54:58

A user on the online forum 4chan has leaked a massive 270GB of data belonging to The New York Times. This leak includes the source code for the

Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2024-patch-tuesday-fixes-51-flaws-18-rces/

11/06/2024 19:47:40

Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability.
#Microsoft #Patch #Security #Tuesday #Update #Vulnerability #Windows

CVE-2024-4577 RCE in PHP CGI: Everything you need to know | Wiz Blog https://www.wiz.io/blog/critical-rce-php-cgi-vulnerability

11/06/2024 16:56:23

Detect and mitigate CVE-2024-4577, a critical remote code execution vulnerability in PHP CGI. Organizations are advised to patch urgently.

Bypassing Veeam Authentication CVE-2024-29849 https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/

11/06/2024 16:31:43

Veeam Backup Enterprise Manager Authentication Bypass

Switzerland notes increase in cyberattacks ahead of Ukraine peace summit https://therecord.media/ukraine-peace-summit-switzerland-cyberattacks-warning

11/06/2024 16:21:23

Russia, which hasn’t been invited to the summit, has repeatedly called it “meaningless and harmful.” Swiss officials did not provide more details about the reported cyberattacks.

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion?hl=en

11/06/2024 08:43:35

A campaign targeting Snowflake customer database instances with the intent of data theft and extortion.

Urgent call for O-type blood donations following London hospitals ransomware attack https://therecord.media/london-hospitals-ransomware-urgent-call-blood-donations-otype

11/06/2024 08:36:44

As a result of the cyberattack “hospitals cannot currently match patients’ blood at the same frequency as usual,” announced NHS Blood and Transplant.

Mandiant says hackers stole a 'significant volume of data' from Snowflake customers https://techcrunch.com/2024/06/10/mandiant-hackers-snowflake-stole-significant-volume-data-customers/

11/06/2024 06:43:43

The security firm said the attacks targeting Snowflake customers is "ongoing," suggesting the number of affected companies may rise.

Apple’s AI promise: “Your data is never stored or made accessible to Apple” https://arstechnica.com/ai/2024/06/apples-ai-promise-your-data-is-never-stored-or-made-accessible-by-apple/

11/06/2024 06:42:41

And publicly reviewable server code means experts can "verify this privacy promise."

Private Cloud Compute: A new frontier for AI privacy in the cloud https://security.apple.com/blog/private-cloud-compute/

11/06/2024 06:41:58

Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. Built with custom Apple silicon and a hardened operating system, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user data sent to PCC isn’t accessible to anyone other than the user — not even to Apple. We believe Private Cloud Compute is the most advanced security architecture ever deployed for cloud AI compute at scale.

Festung Bürgenstock: Diese Gefahren drohen rund um die Friedenskonferenz https://www.nzz.ch/schweiz/festung-buergenstock-diese-gefahren-drohen-rund-um-die-friedenskonferenz-ld.1833005

10/06/2024 09:09:49

Bauernkinder dürfen nicht mehr alleine zur Schule, kritische Infrastruktur wird vor russischen Cyberangriffen geschützt, und im Hotel wird jede Crèmeschnitte einzeln durchleuchtet. Heikel wird es bei einem Angriff mit Minidrohnen. Oder wenn eines von Putins Schlafviren erwacht.

La SSR sur ses gardes face à l'éventualité de cyberattaques pendant le sommet du Bürgenstock https://www.rts.ch/info/suisse/2024/article/la-ssr-sur-ses-gardes-face-a-l-eventualite-de-cyberattaques-pendant-le-sommet-du-burgenstock-28528499.html

10/06/2024 09:04:24

Si la Russie ne participera pas à la conférence sur la paix en Ukraine du Bürgenstock, l'Office fédéral de la cybersécurité met en garde contre d'éventuelles actions perturbatrices de sa part. Première responsable de la transmission d'informations, la SSR est sur le qui-vive.

Malicious VSCode extensions with millions of installs discovered https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-with-millions-of-installs-discovered/

10/06/2024 09:00:09

A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to

Russia-linked 'Lumma' crypto stealer now targets Python devs https://www.sonatype.com/blog/crytic-compilers-typosquats-known-crypto-library-drops-windows-trojan

09/06/2024 16:32:39

Sonatype's automated malware detection systems identified a malicious PyPI package called crytic-compilers, connected to Russia-linked Lumma Windows stealer, and named very closely after a well-known legitimate Python library that is used by cryptocurrency developers.

Liens par page

Filtres