Saturday, March 25, 2023

iMessage and OpenGraph for Fun and Profit

submitted by /u/nobodyhome5nxc

Windows Installer EOP (CVE-2023-21800)

submitted by /u/poltess0

Guide: Terraform Security

submitted by /u/MiguelHzBz

Parallels Desktop Toolgate Vulnerability

submitted by /u/poltess0

Chaos Malware – Persistence and Evasion Techniques

submitted by /u/MiguelHzBz

How to Google Dork a Specific Website for Hacking

submitted by /u/josh252

Debugging D-Link: Emulating firmware and hacking hardware

submitted by /u/netsecfriends

NPM request Library SSRF Cross Protocol Redirect Bypass

submitted by /u/nibblesec

CVE-2023-23415 – ICMP Remote Code Execution

submitted by /u/Thrimbor

We need a new way to measure AI security

submitted by /u/yossarian_flew_away
The Hacker News

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal...
The Hacker News

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on...

US Charges 20-Year-Old Head of Hacker Site BreachForums

The US Justice Department charged Conor Brian Fitzpatrick, founder of BreachForums, a major underground website for computer hackers. The post US Charges 20-Year-Old Head of Hacker Site BreachForums appeared first on SecurityWeek.
SC Magazine

Dish customers struggle with service disruptions weeks after ransomware attack

Customers complain that they are still having payment issues and are not able to contact customer service weeks after Dish Network suffered a ransomware attack.
Security Affairs

CISA announced the Pre-Ransomware Notifications initiative

The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs. The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of...