“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Researchers have warned of a critical vulnerability affecting the OpenSSH networking utility that can be exploited to give attackers complete control of Linux and Unix servers with no authentication required. The vulnerability, tracked as CVE-2024-6387, allows unauthenticated remote code execution with root system rights on Linux systems that are based on glibc, an open source implementation of th
Roku forcing 2-factor authentication after 2 breaches of 600K accounts
Everyone with a Roku TV or streaming device will eventually be forced to enable two-factor authentication after the company disclosed two separate incidents in which roughly 600,000 customers had their accounts accessed through credential stuffing. Credential stuffing is an attack in which usernames and passwords exposed in one leak are tried out against other accounts, typically using automated s
Backdoor found in widely used Linux utility targets encrypted SSH connections
Researchers have found a malicious backdoor in a compression tool that made its way into widely used Linux distributions, including those from Red Hat and Debian. The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports of those versions being incorporated into an
“MFA Fatigue” attack targets iPhone owners with endless password reset prompts
Enlarge / They look like normal notifications, but opening an iPhone with one or more of these stacked up, you won't be able to do much of anything until you tap "Allow" or "Don't Allow." And they're right next to each other. Human weaknesses are a rich target for phishing attacks. Making humans click "Don't Allow" over and over again in a phone prompt that can't be skipped is an angle some iCloud
Hugging Face, the GitHub of AI, hosted code that backdoored user devices
Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s a likely harbinger of what’s to come. In all, JFrog researchers said, they found roughly 100 submissions that performed hidden and unwanted actions when they were downloaded and loaded onto an end-use
Supreme Court denies Epic v. Apple petitions, opening up iOS payment options
Enlarge / Artist's conception of iOS developers after today's Supreme Court ruling, surveying a new landscape of payment options and subscription signaling. The Supreme Court declined to hear either of the petitions resulting from the multi-year, multi-court Epic v. Apple antitrust dispute. That leaves most of Epic's complaints about Apple's practices unanswered, but the gaming company achieved on
Michael Cohen gave his lawyer fake citations invented by Google Bard AI tool
Enlarge / Michael Cohen, former personal lawyer to former US President Donald Trump, arrives at federal court in New York on December 14, 2023. Donald Trump's former attorney, Michael Cohen, admitted providing fake AI-generated court citations to his own lawyer, who failed to check whether the cited cases were real before submitting them in a court brief. Cohen said the fake court cases came from
The “Windows App” for Mac, iOS, and browsers is a fancy remote desktop, for now
Enlarge / If you have a bunch of Windows systems, Microsoft now has an app for that. It's called "Windows App." Microsoft just has a certain way with naming things. It feels strange to say it, but it's true: There is an app called, simply, "Windows." It's available for early testing on Mac, iOS and iPad, the web, Windows, and eventually Android, and it's made by Microsoft. The fact that it exists,
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Apple clarifies iOS 17.5 bug that exposed deleted photos
GPT-5 might arrive this summer as a “materially better” update to ChatGPT
Never-before-seen Linux malware gets installed using 1-day exploits
Apple changes course, will keep iPhone EU web apps how they are in iOS 17.4
DOJ quietly removed Russian malware from routers in US homes and businesses
Apple announces sweeping EU App Store policy changes—including sideloading
New UEFI vulnerabilities send firmware devs industry wide scrambling
What I learned from using a Raspberry Pi 5 as my main computer for two weeks
ChatGPT bombs test on diagnosing kids’ medical cases with 83% error rate
Millions still haven’t patched Terrapin SSH protocol vulnerability
“ChatGPT with voice” opens up to everyone on iOS and Android
CD-indexing cue files are the core of a serious Linux remote code exploit