
536 matches found

Talos Blog
added 2024/08/08 6:00 p.m.

The top stories coming out of the Black Hat cybersecurity conference

Over the next two weeks, two of the largest cybersecurity conferences in the world will take place in Las Vegas: Black Hat and DEF CON. That means product announcements, buzzwords and stories about "X smart appliance could burn your house down!" or something like that. Over the next two weeks, Il...

AI score: 7.2 | Exploits: 0

Akamai Blog
added 2024/07/26 7:00 a.m.

Analyzing Malicious CrowdStrike Domains: Who Is Affected and What Could Come Next

...

AI score: 7.3 | Exploits: 0

Malwarebytes
added 2024/07/15 3:27 p.m.

How an AI “artist” stole a woman’s face, with Ali Diamond (Lock and Code S05E15)

This week on the Lock and Code podcast… Full-time software engineer and part-time Twitch streamer Ali Diamond is used to seeing herself on screen, probably because she’s the one who turns the camera on. But when Diamond received a Direct Message (DM) on Twitter earlier this year, she learned that h...

AI score: 7.5 | Exploits: 0

HackRead
added 2024/06/21 12:07 p.m.

Qilin Ransomware Leaks 400GB of NHS and Patient Data on Telegram

Learn about the impact of the Qilin ransomware attack on Synnovis and healthcare services. Discover the consequences of this cyber incident and its implications for patient care...

AI score: 7.4 | Exploits: 0

OSV
added 2024/06/07 10:26 p.m.

GHSA-8XHV-GQM4-3W99 ZendFramework1 Potential Insufficient Entropy Vulnerability

We discovered several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. These random number generators are used in the following method calls: Zend_Ldap_Attribute::createPassword, Zend_Form_Element_Hash::generateHash, Zend_Gdata_HttpClient::filterHttpRequest...

CVSS: 7.5 | AI score: 6.8 | Exploits: 0 | References: 3

OSV
added 2024/06/07 9:11 p.m.

GHSA-J543-VG33-G6VJ ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`

Zend_Dojo_View_Helper_Editor was incorrectly decorating a TEXTAREA instead of a DIV. The Dojo team has reported that this has security implications as the rich text editor they use is unable to escape content for a TEXTAREA...

CVSS: 6.1 | AI score: 7.1 | Exploits: 0 | References: 3

Schneier on Security
added 2024/05/31 11:04 a.m.

How AI Will Change Democracy

I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an A...

AI score: 7.4 | Exploits: 0

Securelist
added 2024/05/08 10:00 a.m.

State of ransomware in 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely – ...

AI score: 8.5 | Exploits: 0

Spring Engineering
added 2024/04/26 12:00 a.m.

A Bootiful Podcast: Daniel Garnier-Moiroux on Passkeys and Spring Security

Hi, Spring fans! In this installment, I talk to my friend and colleague Daniel Garnier-Moiroux about the amazing awesome implications of passkeys in a Spring Security application...

AI score: 7.1 | Exploits: 0

HackRead
added 2024/04/16 12:27 p.m.

Global Hack Exposes Personal Data: Implications & Privacy Protection – Axios Security Group

By Cyber Newswire. In a digital age where information is the new currency, the recent global hack has once again highlighted…

AI score: 7.0 | Exploits: 0

Imperva Blog
added 2024/03/28 1:00 p.m.

From ChatBot To SpyBot: ChatGPT Post Exploitation

In the second installment of our blog post series on ChatGPT, we delve deeper into the security implications that come with the integration of AI into our daily routines. Building on the discoveries shared in our initial post, "XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT," where we...

AI score: 6.1 | Exploits: 0

OSV
added 2024/03/15 7:53 p.m.

GHSA-MP76-7W5V-PR75 TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

CVSS: 8.1 | AI score: 8.1 | EPSS: 0.00772 | Exploits: 0 | References: 6

Github Security Blog
added 2024/03/15 7:53 p.m.

TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.00772 | Exploits: 0 | References: 6 | Affected software: 2

RubySec
added 2024/03/15 12:00 a.m.

TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

CVSS: 8.1 | AI score: 7.5 | EPSS: 0.00772 | Exploits: 0 | References: 1 | Affected software: 1

Vulnrichment
added 2024/03/14 5:24 p.m.

CVE-2024-28181 Arbitrary method invocation turbo_boost-commands

turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

CVSS: 8.1 | AI score: 8.4 | EPSS: 0.00772 | Exploits: 0 | References: 2

CVE
added 2024/03/14 5:24 p.m.

CVE-2024-28181

CVE-2024-28181 affects the TurboBoost Commands library. The issue is an insufficiently robust permission check that can allow an attacker to invoke more public methods on Command classes than intended, risking arbitrary code execution within affected applications. Concrete details in connected so...

CVSS: 8.1 | AI score: 8.3 | EPSS: 0.00772 | Exploits: 0 | References: 2 | Affected software: 1

Cvelist
added 2024/03/14 5:24 p.m.

CVE-2024-28181 Arbitrary method invocation turbo_boost-commands

turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

CVSS: 8.1 | AI score: 8.6 | EPSS: 0.00772 | Exploits: 0 | References: 2

Cvelist
added 2024/03/12 7:44 p.m.

CVE-2024-28121 Reflex arbitrary method call in stimulus_reflex

stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01455 | Exploits: 3 | References: 6

Vulnrichment
added 2024/03/12 7:44 p.m.

CVE-2024-28121 Reflex arbitrary method call in stimulus_reflex

stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...

CVSS: 8.8 | AI score: 8.6 | EPSS: 0.01455 | Exploits: 3 | References: 6

Github Security Blog
added 2024/03/12 3:44 p.m.

StimulusReflex arbitrary method call

Summary: More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details: To invoke a reflex, a websocket message of the following shape is sent: {"target": "ClassName#method_name", "args": [...]}. The server will proceed to instantiate refl...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.01455 | Exploits: 3 | References: 10 | Affected software: 1
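The StimulusReflex (CVE-2024-28121) and TurboBoost Commands (CVE-2024-28181) entries above describe one weakness: the server takes a class name and a method name from a websocket message, instantiates the class and calls the method with client-supplied arguments, and the check meant to limit callable methods also admits methods the developer never wrote, such as public methods inherited from Object. The Ruby below is an added illustration, not code from either project and not either project's actual fix. It assumes a "ClassName#method_name" target string, an explicit class registry (REFLEX_REGISTRY) and invented classes (Reflex, DemoReflex), and sets a check that relies on whether the object responds to the name beside one that admits only methods declared on the concrete class.

```ruby
require 'json'

# Base class standing in for a framework's reflex/command superclass
# (invented for this example).
class Reflex
  attr_reader :count

  def initialize
    @count = 0
  end
end

# Developer-written reflex: `increment` is the only action meant to be
# reachable from the browser.
class DemoReflex < Reflex
  def increment(by = 1)
    @count += Integer(by)
  end
end

# Explicit allowlist of reflex classes. Resolving the attacker-controlled
# class name with Object.const_get would expose every constant in the process.
REFLEX_REGISTRY = { 'DemoReflex' => DemoReflex }.freeze

# Weak check: true for any public method the class responds to, including
# everything inherited from Object/Kernel/BasicObject (instance_variable_set,
# instance_eval, public_send, ...). This is the shape of check the advisories
# describe as "not as robust as it should be".
def method_allowed_weak?(klass, name)
  klass.public_method_defined?(name)
end

# Strict check: only public methods declared directly on the concrete reflex
# class (the `false` argument excludes inherited methods).
def method_allowed_strict?(klass, name)
  klass.public_instance_methods(false).include?(name.to_sym)
end

# Parses the assumed "ClassName#method_name" target string.
def parse_target(target)
  class_name, method_name = target.to_s.split('#', 2)
  if class_name.nil? || class_name.empty? || method_name.nil? || method_name.empty?
    raise ArgumentError, "malformed target #{target.inspect}"
  end
  [class_name, method_name]
end

# Handles one websocket message of the shape {"target": "...", "args": [...]}.
# Returns the method's return value; raises ArgumentError on anything rejected.
def dispatch(message, strict: true)
  data = JSON.parse(message)
  class_name, method_name = parse_target(data.fetch('target'))
  args = data.fetch('args', [])
  raise ArgumentError, 'args must be an array' unless args.is_a?(Array)

  klass = REFLEX_REGISTRY.fetch(class_name) do
    raise ArgumentError, "unknown reflex #{class_name}"
  end
  allowed = strict ? method_allowed_strict?(klass, method_name) : method_allowed_weak?(klass, method_name)
  raise ArgumentError, "method #{method_name} not permitted" unless allowed

  klass.new.public_send(method_name, *args)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed messages: one legitimate, one abusing an inherited Object method.
  legit = JSON.generate({ 'target' => 'DemoReflex#increment', 'args' => [5] })
  abuse = JSON.generate({ 'target' => 'DemoReflex#instance_variable_set', 'args' => ['@count', 1000] })

  puts dispatch(legit)                 # 5
  puts dispatch(abuse, strict: false)  # 1000: the weak check let it through
  begin
    dispatch(abuse)                    # the strict check rejects it
  rescue ArgumentError => e
    puts "rejected: #{e.message}"
  end
end
```

The strict variant deliberately excludes methods inherited from the base class as well; if a framework needs shared actions on a superclass, the allowlist should enumerate them explicitly rather than fall back to inheritance, since that is exactly the path through which Object's methods become reachable.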