#DoorDasher drives onto #tarmac at #Chicago’s #OHareAirport, exposing #securityflaw
https://thehill.com/policy/transportation/5334050-door-dasher-ohare-airport-security-flaw/
Windows Remote Desktop Protocol Allows Revoked Passwords; Microsoft Calls it a Feature
#Cybersecurity #Windows11 #RDP #Microsoft #SecurityFlaw #PasswordSecurity #InfoSec #CachedCredentials #WindowsSecurity #SysAdmin
🚨 BREAKING: Security flaw discovered in Erlang/OTP SSH server, but don't worry, you can't read about it because the server is too busy playing hide and seek with its own responses. 🙈🔐 Meanwhile, the tech world collectively pretends this is the first time a server has dropped the ball. 😂
https://nvd.nist.gov/vuln/detail/CVE-2025-32433 #ErlangSSH #SecurityFlaw #TechNews #ServerIssues #HideAndSeek #CyberSecurity #HackerNews #ngated
Noticed an unexpected 'inetpub' folder on your Windows PC? Microsoft’s latest update is creating it to tackle a serious security flaw. Curious how a routine update turned into a security mystery?
https://thedefendopsdiaries.com/understanding-the-inetpub-folder-a-security-update-mystery/
Max severity RCE flaw discovered in widely used Apache Parquet
#HackerNews #MaxSeverity #RCE #ApacheParquet #SecurityFlaw #CyberSecurity #Vulnerability
This top #WordPress plugin could be hiding a worrying #securityflaw, so be on your guard
🚨Wow, someone discovered a security flaw! All hail the tech hero who bumbled upon a bug in software made to be unhackable.🛡️ It’s like accidentally finding a secret passage in a LEGO castle—totally intentional and absolutely deserving of a blog post with a self-indulgent menu.🍽️
https://mattsayar.com/how-i-hacked-my-companys-sso-provider/ #techhero #securityflaw #softwarebug #hackingnews #accidentaldiscovery #LEGOfinds #HackerNews #ngated
A flaw in Microsoft Azure multi-factor authentication allowed attackers to brute-force accounts, exposing data in Teams, OneDrive, and more. #Microsoft #Cybersecurity #MFA #Authentication #DataSecurity #Microsoft365 #Azure #Hacking #Infosec #CloudSecurity #SecurityFlaw #Passwordless #CyberThreats #OasisSecurity #MicrosoftTeams
"He included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice. All a target needed to do was instruct the LLM to view a web link that hosted a malicious image. From then on, all input and output to and from ChatGPT was sent to the attacker's website."
GitLab has patched a critical flaw that could enable attackers to execute pipeline jobs as arbitrary users, posing a severe risk to development environments. This is the fourth critical flaw patched by GitLab in the past year. #GitLab #securityflaw #cybersecurity
Looks like the Azure WireServer became the not-so-invincible WireWeakness. Time for the Azure team to step up their game and secure those clusters! #Azure #SecurityFlaw
Cisco discloses a 10.0 CVSS rating vulnerability in SSM On-Prem
https://stackdiary.com/cisco-discloses-cve-2024-20419-for-ssm-on-prem/
#Cisco #Security #Vulnerability #Cybersecurity #CVSS #Hackers #Exploitation #ITsecurity #DataBreach #Software #TechNews #SecurityFlaw #NetworkSecurity #CriticalUpdate #Admins #DataProtection #PatchNow #Infosec #CyberThreats #SecureNetworks #TechUpdate #DigitalSafety #SoftwareBug #CyberDefense #CriticalVulnerability #ITupdate #SystemAdmin #SecureSoftware #NetworkAdmin #CyberAlert #CVE
IdentifyMobile incident exposed 200M records from hundreds of companies
https://stackdiary.com/identifymobile-incident-exposed-200m-records-from-hundreds-of-companies/
#Security #DataBreach #IdentifyMobile #SMS #AWS #Cybersecurity #Privacy #Hack #2FA #Authentication #DataProtection #InfoSec #CCC #TechNews #OnlineSecurity #Encryption #DataLeak #Vulnerability #Incident #TechSafety #ConfigurationError #Webex #AWSsecurity #DigitalSecurity #CloudSecurity #DataPrivacy #TechBreach #SecurityFlaw #CyberSafety #DataSecurity
Linksys Velop routers send Wi-Fi passwords in plaintext to US servers
https://stackdiary.com/linksys-velop-routers-send-wi-fi-passwords-in-plaintext-to-us-servers/
#Linksys #Velop #WiFi #Router #Security #DataBreach #Cybersecurity #Privacy #Encryption #Hackers #MeshNetwork #TechNews #ConsumerAlert #Testaankoop #Amazon #Plaintext #SSID #Password #Firmware #Vulnerability #CyberAttack #NetworkSecurity #DigitalPrivacy #TechSafety #UserData #WiFiSecurity #InternetSafety #HomeNetwork #ITsecurity #TechAlert #SecurityFlaw
Mastodon: Security flaw allows unauthorized access to posts
https://stackdiary.com/mastodon-security-flaw-allows-unauthorized-access-to-posts/
#Mastodon #Security #Vulnerability #Update #Cybersecurity #Privacy #Software #Patch #Server #HighRisk #Hackers #DataProtection #Infosec #TechNews #BugFix #CriticalUpdate #DigitalSafety #MastodonUpdate #CyberAttack #UserSafety #DataBreach #SecurityAlert #NetworkSecurity #OnlineSafety #SecurityFlaw #SecureUpdate #ITSecurity #TechAlert #MastodonPatch #SystemUpdate #CVE
Signal under fire for storing encryption keys in plaintext
https://stackdiary.com/signal-under-fire-for-storing-encryption-keys-in-plaintext/
#Signal #Privacy #Encryption #Cybersecurity #Messaging #DataProtection #SecureComms #DesktopApp #Vulnerability #InfoSec #DigitalSecurity #EndToEnd #PlainText #KeyManagement #TechNews #PrivacyBreach #SecurityAlert #Cryptography #DataSafety #MobileApps #UserPrivacy #SecurityFlaw #EncryptionKeys #Tech #MessageSecurity #PrivacyRisk #SecureMessaging #CyberRisk #DataExposure
»#OpenAI’s #ChatGPT #Macapp was storing conversations in plain text: After the #securityflaw was spotted, OpenAI updated its desktop ChatGPT app to #encrypt the #locally stored records.« https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text?eicker.news #tech #media
Unpatchable #securityflaw in #Apple #Silicon #Macs breaks #encryption
Apple has so far chosen not to implement protection against the #AuguryDMPexploit, likely because the performance hit wouldn’t be justified by the very low risk of a real-world attack.
So far, no workaround has been implemented.
The long-term solution will be for Apple to address the #vulnerability in the #DMP implementation in the design of future chips.
https://9to5mac.com/2024/03/22/unpatchable-security-flaw-mac/
Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
Date: May 21, 2024
CVE: [[CVE-2024-4985]]
Vulnerability Type: Improper Authentication
CWE: [[CWE-287]]
Sources: Cyber Security News, SecurityWeek, The Hacker News
Issue Summary
A critical vulnerability in GitHub Enterprise Server, identified as CVE-2024-4985, was discovered that allows attackers to bypass authentication. This flaw, found in versions 3.9.14, 3.10.11, 3.11.9, and 3.12.3, permits unauthorized access to repositories and sensitive data by exploiting a weakness in the SAML SSO authentication process.
Technical Key Findings
The vulnerability arises from a logic error in the SAML SSO authentication process, where the server fails to verify the validity of digital signatures on SAML responses properly. Attackers can craft SAML assertions with any certificate, which the server incorrectly accepts, allowing the spoofing of user identities, including admin accounts.
Vulnerable Products
Impact Assessment
Exploitation of this vulnerability could lead to unauthorized access to private repositories, sensitive data, and administrative controls. This can result in data breaches, code tampering, and potential intellectual property theft.
Patches or Workaround
GitHub has released patched versions (3.9.15, 3.10.12, 3.11.10, and 3.12.4) to address this issue. As an interim measure, enabling SAML certificate pinning can mitigate the risk. Additionally, auditing access logs for suspicious activity and rotating credentials is advised.
Tags
#GitHub #CVE20244985 #SAML #AuthenticationBypass #SecurityFlaw #EnterpriseSecurity #DataBreach #PatchUpdate #CyberSecurity
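The signature-handling mistake described in this advisory (accepting a SAML assertion signed by whatever certificate the response carries) and the certificate-pinning mitigation it recommends can be modelled side by side. The following Python is an added example, not GitHub's code and not part of the advisory: it uses a toy RSA over fixed Mersenne primes and deterministic JSON in place of X.509 and XML-DSig, and the key names, the `ghes.example` audience and the sample subjects are all constructed. It puts the flawed verifier next to a pinned-key verifier and runs both over a genuine response, a response signed by a key the service provider never trusted, and a tampered response.

```python
import hashlib
import json

# Toy RSA over fixed Mersenne primes: constructed for illustration only.
# Real SAML uses X.509 certificates and XML-DSig; the verification logic is the point.
IDP_PRIMES = (2**61 - 1, 2**89 - 1)
OTHER_PRIMES = (2**107 - 1, 2**127 - 1)


def toy_keypair(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d)).
    65537 is coprime to (p-1)(q-1) for the primes chosen above."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def _canonical(assertion):
    # Stand-in for XML canonicalisation: deterministic JSON of the assertion.
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()


def _digest_int(assertion, n):
    return int.from_bytes(hashlib.sha256(_canonical(assertion)).digest(), "big") % n


def sign_assertion(assertion, private_key):
    n, d = private_key
    return pow(_digest_int(assertion, n), d, n)


def signature_valid(assertion, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == _digest_int(assertion, n)


def key_fingerprint(public_key):
    """What an operator would pin: a hash of the IdP's verification key."""
    n, e = public_key
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()


def build_response(assertion, private_key, public_key):
    """Model of a SAML Response: the assertion, its signature, and the signer's
    key carried inline, like ds:KeyInfo/X509Certificate in the real format."""
    return {"assertion": assertion,
            "signature": sign_assertion(assertion, private_key),
            "embedded_key": public_key}


def verify_trusting_embedded_key(response):
    """The flawed pattern: verify with whatever key the response itself carries.
    The arithmetic checks out, but nothing ties that key to the configured IdP,
    so any signer is accepted."""
    return signature_valid(response["assertion"], response["signature"],
                           response["embedded_key"])


def verify_with_pinned_key(response, pinned_fingerprint, pinned_key):
    """Hardened pattern: verify only with the operator-configured IdP key, and
    treat an embedded key that differs from it as a hard failure."""
    if key_fingerprint(response["embedded_key"]) != pinned_fingerprint:
        return False
    return signature_valid(response["assertion"], response["signature"], pinned_key)


def run_checks():
    """Exercise both verifiers; returns a dict of outcomes for inspection."""
    idp_pub, idp_priv = toy_keypair(*IDP_PRIMES)
    other_pub, other_priv = toy_keypair(*OTHER_PRIMES)  # key the SP never trusted
    pinned_fp = key_fingerprint(idp_pub)

    genuine = build_response({"NameID": "alice", "Audience": "ghes.example"},
                             idp_priv, idp_pub)
    untrusted = build_response({"NameID": "admin", "Audience": "ghes.example"},
                               other_priv, other_pub)
    # Same signature as the genuine response, but the assertion body was changed.
    tampered = dict(genuine, assertion={"NameID": "admin", "Audience": "ghes.example"})

    return {
        "flawed_accepts_genuine": verify_trusting_embedded_key(genuine),
        "flawed_accepts_untrusted_signer": verify_trusting_embedded_key(untrusted),
        "flawed_accepts_tampered": verify_trusting_embedded_key(tampered),
        "pinned_accepts_genuine": verify_with_pinned_key(genuine, pinned_fp, idp_pub),
        "pinned_accepts_untrusted_signer": verify_with_pinned_key(untrusted, pinned_fp, idp_pub),
        "pinned_accepts_tampered": verify_with_pinned_key(tampered, pinned_fp, idp_pub),
    }


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name}: {outcome}")
```

The flawed verifier rejects the tampered response, so a plain "does the signature verify" test would pass; what it cannot tell is whether the signing key belongs to the IdP at all. Pinning moves the trust decision to a value the operator configures, which is what the certificate-pinning mitigation in the advisory amounts to: verify with the configured IdP certificate and fail closed when the embedded one differs.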
#Anycubic users say their #3Dprinters were hacked to warn of a #securityflaw
This #vulnerability allegedly enables potential attackers to control any Anycubic #3Dprinter affected by this vulnerability using the company's #MQTT service #API.
The hacked_machine_readme.gcode file received by the impacted devices also asks Anycubic to open-source their 3D printers because the company's software "is lacking." The file claims 2,934,635 devices downloaded this warning.
https://techcrunch.com/2024/02/28/anycubic-users-3d-printers-hacked-warning/