Hacker News with Generative AI: Security Vulnerabilities

Hacking Subaru: Tracking and controlling cars via the admin panel (samcurry.net)
On November 20, 2024, Shubham Shah and I discovered a security vulnerability in Subaru’s STARLINK connected vehicle service that gave us unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan.
Cybersecurity, Automotive, Hacking, Security Vulnerabilities
548 points by ramimac 29 days ago | 320 comments
D-Link says it won't patch 60k older modems (techradar.com)
Cybersecurity, Networking, Technology, Security Vulnerabilities
267 points by lobo_tuerto 87 days ago | 170 comments
D-Link says replace vulnerable routers or risk pwnage (theregister.com)
Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a serious remote code execution (RCE) vulnerability.
Cybersecurity, Networking, Security Vulnerabilities, Hardware
8 points by fork-bomber 93 days ago | 1 comments
Unauthenticated RCE vs. all GNU/Linux systems (+ others) disclosed 3 weeks ago (twitter.com)
Cybersecurity, Linux, Security Vulnerabilities
35 points by jesboat 151 days ago | 5 comments
Zero-Click Calendar invite vulnerability chain in macOS (medium.com)
I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.
macOS Security, Zero-Click Exploits, Calendar Apps, Security Vulnerabilities
461 points by jviide 161 days ago | 159 comments
BSI discovers serious vulnerabilities in Mastodon, some minor ones in Matrix (heise.de)
Cybersecurity, Social Media, Security Vulnerabilities, Open Source
5 points by flo123456 170 days ago | 0 comments
The new frontier in script kiddie security vulnerability reports (microsoft.com)
Cybersecurity, Security Vulnerabilities, Script Kiddies, Microsoft
17 points by ingve 213 days ago | 0 comments
New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere (arstechnica.com)
Cybersecurity, Networking, Security Vulnerabilities, Protocol
11 points by tapper 226 days ago | 0 comments
New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere (arstechnica.com)
Cybersecurity, Network Security, Security Vulnerabilities, Protocols
55 points by LinuxBender 227 days ago | 7 comments
'Skeleton Key' attack unlocks the worst of AI, says Microsoft (theregister.com)
Artificial Intelligence, Cybersecurity, Security Vulnerabilities
33 points by taubek 237 days ago | 36 comments
Apple refused to pay bounty to Kaspersky for uncovering vulnerability (9to5mac.com)
Cybersecurity, Apple, Security Vulnerabilities
91 points by uladzislau 257 days ago | 61 comments
Format String Attacks (2000) (seclists.org)
Cybersecurity, Security Vulnerabilities, Programming
24 points by aragonite 278 days ago | 3 comments
Microsoft PlayReady – Complete Client Identity Compromise (seclists.org)
Cybersecurity, Microsoft, PlayReady, Security Vulnerabilities
182 points by tithe 288 days ago | 168 comments
Attackers can decloak routing-based VPNs (leviathansecurity.com)
Cybersecurity, VPNs, Security Vulnerabilities
446 points by dsr_ 291 days ago | 232 comments
Xz sshd backdoor collecting usernames from logs (isc.sans.edu)
Cybersecurity, Security Vulnerabilities, Linux, Backdoors
143 points by babuskov 302 days ago | 10 comments