Found 42 bookmarks
Custom sorting
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
  • Sonar’s Vulnerability Research Team has discovered an issue that led to multiple XSS vulnerabilities in the popular Content Management System Joomla. The issue discovered with the help of SonarCloud affects Joomla’s core filter component and is tracked as CVE-2024-21726. Attackers can leverage the issue to gain remote code execution by tricking an administrator into clicking on a malicious link. The underlying PHP bug is an inconsistency in how PHP’s mbstring functions handle invalid multibyte sequences. The bug was fixed with PHP versions 8.3 and 8.4, but not backported to older PHP versions. * Joomla released a security announcement and published version 5.0.3/4.4.3, which mitigates the vulnerability.
#sonarsource#EN#2024#Joomla#PHP#Bug#CVE-2024-21726
·sonarsource.com·
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
CIA exposed to intelligence interception due to X's URL bug
CIA exposed to intelligence interception due to X's URL bug
Musk's mega-app-in-waiting goes from chopping headlines to profile URLs An ethical hacker has exploited a bug in the way X truncates URLs to take over a CIA Telegram channel used to receive intelligence. Kevin McSheehan, who uses the online handle "Pad," spotted the issue after hovering over the link to the CIA's Telegram channel displayed on its X social media profile.
#theregister#EN#2023#X#McSheehan#Pad#Telegram#CIA#URL#bug#Twitter
·theregister.com·
CIA exposed to intelligence interception due to X's URL bug
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.
#rambo.codes#EN#2022#iOS#bug#Siri#SiriSpy#Bluetooth#AirPods#privacy
·rambo.codes·
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Severity: High The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation.
#CVE-2022-2274#openssl#RSA#RCE#EN#2022#memory-corruption#bug
·openssl.org·
Heap memory corruption with RSA private key operation (CVE-2022-2274)
QNAP warns severe OpenSSL bug affects most of its NAS devices
QNAP warns severe OpenSSL bug affects most of its NAS devices
Taiwan-based network-attached storage (NAS) maker QNAP warned on Tuesday that most of its NAS devices are impacted by a high severity OpenSSL bug disclosed two weeks ago. Attackers can exploit the vulnerability, tracked as CVE-2022-0778, to trigger a denial of service state and remotely crash unpatched devices.
#QNAP#bleepingcomputer#EN#2022#OpenSSL#bug#CVE-2022-0778#NAS
·bleepingcomputer.com·
QNAP warns severe OpenSSL bug affects most of its NAS devices
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
If you use an Apple Macbook, it’s likely that you have a secret enclave for important secrets — such as your encryption keys. These keys define the core of the trust infrastructure on the device — and protect applications from stealing these secrets. The TEE also allows isolation between code which is fully trusted, and code that cannot be fully trusted. If this did not happen, we could install applications on our computer which would discover our login password and steal the encryption used used to key things secret and trusted.
#asecuritysite#bug#samsung#galaxy#EN#2022#CVE-2021-25444#medium#CVE-2021–25490
·medium.com·
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Researchers have revealed details of a now-patched high-severity security vulnerability in Apache Cassandra that, if left unaddressed, could be abused to gain remote code execution on affected installations. "This Apache security vulnerability is easy to exploit and has the potential to wreak havoc on systems, but luckily only manifests in non-default configurations of Cassandra," Omer Kaspi, security researcher at DevOps firm JFrog, said in a technical write-up published Tuesday.
#thehackernews#EN#2022#bug#Apache#Cassandra#CVE-2021-44521
·thehackernews.com·
High-Severity RCE Security Bug Reported in Apache Cassandra Database Software
Why is the Zoom app listening on my microphone...
Why is the Zoom app listening on my microphone...
I'm running MacOS Monterey. Several times in the last few weeks, I've noticed the orange dot indicating the microphone is being used by an app, and I click on the Control Center and see that Zoom is accessing the microphone. I'm not in a meeting and simply have the Zoom app open. Why would Zoom be accessing the microphone when I'm not in a meeting?
#zoom#EN#macOS#bug#microphone
·community.zoom.com·
Why is the Zoom app listening on my microphone...
A walk through Project Zero metrics
A walk through Project Zero metrics
  • In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. * In addition to the average now being well below the 90-day deadline, we have also seen a dropoff in vendors missing the deadline (or the additional 14-day grace period). In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period. * Differences in the amount of time it takes a vendor/product to ship a fix to users reflects their product design, development practices, update cadence, and general processes towards security reports. We hope that this comparison can showcase best practices, and encourage vendors to experiment with new policies. * This data aggregation and analysis is relatively new for Project Zero, but we hope to do it more in the future. We encourage all vendors to consider publishing aggregate data on their time-to-fix and time-to-patch for externally reported vulnerabilities, as well as more data sharing and transparency in general.
#googleprojectzero#metrics#bug#0-day#EN
·googleprojectzero.blogspot.com·
A walk through Project Zero metrics
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Any app with access to Bluetooth could record your conversations with Siri and audio from the iOS keyboard dictation feature when using AirPods or Beats headsets. This would happen without the app requesting microphone access permission and without the app leaving any trace that it was listening to the microphone.
#rambo.codes#EN#2022#iOS#bug#Siri#SiriSpy#Bluetooth#AirPods#privacy
·rambo.codes·
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Heap memory corruption with RSA private key operation (CVE-2022-2274)
Severity: High The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation.
#CVE-2022-2274#openssl#RSA#RCE#EN#2022#memory-corruption#bug
·openssl.org·
Heap memory corruption with RSA private key operation (CVE-2022-2274)