A naukri.com initiative
Hackaday
6d
119
Image Credit: Hackaday
This Week in Security: The UK Wants Your iCloud, Libarchive Wasn’t Ready, and AWS
- The UK government issued a secret order to Apple, demanding access to iCloud backups with Advanced Data Protection.
- UK officials want access to all ADP-protected data, including data from US customers, potentially bypassing Fourth Amendment protections.
- Cryptographer Matthew Green suggests passing laws to prevent US companies from adding backdoors for foreign nations.
- Github Actions vulnerability allowed access to proprietary server-side code and npm tokens, leading to a $50,000 bounty.
- Libarchive integration in Windows 11 had vulnerabilities like arbitrary file write/delete due to improper handling of archive files.
- AI poisoning threats include prompt injection to manipulate AI memory and Pickle deserialization attacks on Hugging Face AI models.
- AWS research found vulnerabilities in IAM usernames, AMI duplication leading to potential hijacking, and an interesting cryptocurrency heist.
- zkLend suffered a $9.5 million cryptocurrency heist, offering a bounty to the attacker in exchange for returning the funds.
- An infamous swatting service provider was sentenced to 48 months in prison after committing the crime 375 times.
- Sitevision CMS exposed public and private keys for SAML authn requests due to a flaw in WebDav-SAML-Java key interface.
Read Full Article
7 Likes
For uninterrupted reading, download the app