From thehackernews.com
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.
Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.
From helpnetsecurity.com
A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public.
Users are advised to implement the provided patches or workarounds quickly.
From blog.talosintelligence.com
From gdatasoftware.com
During an incident response, looking for malware is often akin to looking for a needle in a hay stack. To complicate matters further, in the case of Cobalt Strike you often have no idea what that needle even looks like. And time is not on your side.
Cobalt Strike is essentially a tool that is used for red teaming – an attack simulation that helps to closely simulate the processes of a real attack. The responsible departments within a company that has commissioned the simulation are informed and the use of the tool is authorized. However, since various versions of this tool have fallen into the hands of criminals, Cobalt Strike is also often used for real attacks by criminals.
From helpnetsecurity.com
Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models (LLMs).
Prompt injection arises when an attacker successfully influences an LLM using specially designed inputs. This leads to the LLM unintentionally carrying out the objectives set by the attacker.
From theregister.com
European police have for the first time made an arrest after remotely checking Interpol’s trove of biometric data to identify a suspected smuggler.
The fugitive migrant, we’re told, gave a fake name and phony identification documents at a police check in Sarajevo, Bosnia and Herzegovina, while traveling toward Western Europe. And he probably would have got away with it, too, if it weren’t for you meddling kids Interpol’s Biometric Hub – a recently activated tool that uses French identity and biometrics vendor Idemia’s technology to match people’s biometric data against the multinational policing org’s global fingerprint and facial recognition databases.
From thehackernews.com
Apple has released software updates for iOS, iPadOS, macOS, and Safari web browser to address two security flaws that it said have come under active exploitation in the wild on older versions of its software.
The vulnerabilities, both of which reside in the WebKit web browser engine, are described below –