Pulse of Truth

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 8 months ago
The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.

Securing your data is more critical than ever, new research reveals.

Joseph Cox / 404 Media: Sources: AU10TIX, an ID verification service that handles ID photos and is used by TikTok, Uber, X, and others, exposed admin credentials online for over a year — A company that verifies the identities of TikTok, Uber, and X users, sometimes by processing photographs of their faces …

Red Teaming security assessments aim to demonstrate to clients how attackers in the real world might link together various exploits and attack methods to reach their objectives. The post Stepping Into the Attacker’s Shoes: The Strategic Power of Red Teaming (Insights from the Field) appeared first on Security Boulevard.

The Windows ecosystem was traditionally designed to treat users fairly, offering unprecedented openness and software backward compatibility that turned a "simple" OS into a major force in the technology and computing world. However, fairness, compatibility, and openness are now somewhat obsolete concepts, as Big Tech proactively harvest users' data to...

As originally reported by Forbes, due to a high-severity vulnerability, Google has warned federal employees to update their Pixel devices before 4th July, or else they should stop using the device. This warning—CVE-2024-32896—is a part of the Known Exploited Vulnerabilities (KEV) catalog managed by CISA (Cybersecurity…

'Congress has effectively gutted it as part of a backroom deal'

Analysis: Introduced in April, the American Privacy Rights Act (APRA) was - in the words of its drafters - "the best opportunity we’ve had in decades to establish a national data privacy and security standard that gives people the right to control their personal information."…

Clothing company Levi Strauss said some 72,000 customer accounts have come under attack from threat actors.

WikiLeaks co-founder Julian Assange has been released from prison in the UK and will be allowed to return to his home country of Australia after he pleads guilty to illegally disseminating national security material in the U.S., according to a surprising new report from NBC News.

Ransomware group reportedly told the U.S. government that it has until tomorrow to negotiate a deal or they will make the data public.

As the 2024 Olympic Games in Paris approach, organizers are intensifying cybersecurity measures in response to warnings from experts and law enforcement agencies about a likely surge in cyberattacks. The Games, set to start on 26 July this year, are projected to sell over 13 million tickets and attract more than 15 million visitors to Paris, generating around 11 billion euros in economic activity.

Big Events Attract Bad Attention, Too

And because cybercriminals are like pickpockets, always following the crowds, this massive influx of commerce and data makes the event an attractive target for...

The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. [...]

Multiple vulnerabilities have been discovered in MOVEit products, which could allow for authentication bypass.

MOVEit Gateway acts as a proxy between inbound connections from the public network and your internal trusted network. MOVEit Transfer is a secure managed file transfer application.

Successful exploitation of these vulnerabilities could allow for an attacker to bypass authentication. An attacker could then view, change, or delete data; or create new accounts with full user rights.

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server," Wordfence security researcher Chloe Chamberland said in a Monday alert.

About a thousand vulnerable instances still exposed online, we're told

A now-patched vulnerability in Ollama – a popular open source project for running LLMs – can lead to remote code execution, according to flaw finders who warned that upwards of 1,000 vulnerable instances remain exposed to the internet.…

CISA is warning that its Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans. [...]

A CISA analysis in collaboration with international partners concluded most critical open source projects potentially contain memory safety vulnerabilities

AppSec is hard for traditional software development, let alone citizen developers. So how did two people resolve 70,000 vulnerabilities in three months?

By introducing a mobile device management (MDM) platform into the existing infrastructure, administrators gain the ability to restrict sideloading on managed devices. The post EU Opens the App Store Gates: A Call to Arms for MDM Implementation appeared first on Security Boulevard.

Disrupting immigration checks.
