Security
Headlines
HeadlinesLatestCVEs

Latest News

How CISOs Can Lead the Responsible AI Charge

CISOs understand the risk scenarios that can help create safeguards so everyone can use AI safely and focus on the technology's promises and opportunities.

DARKReading
Open in Source
#sql#vulnerability#ios#intel#perl#auth#postgres#ssl
Bitdefender Finds New ShrinkLocker Ransomware, Releases Its Decryptor Tool

Bitdefender has released a free decryptor for ShrinkLocker ransomware, which exploits Windows BitLocker to encrypt systems. Discover all…

GHSA-f3cw-hg6r-chfv: Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI

### Summary Missing `normalizePath` in the function `FileHelper::absolutePath` could lead to Remote Code Execution on the server via twig SSTI. `(Post-authentication, ALLOW_ADMIN_CHANGES=true)` ### Details Note: This is a sequel to [CVE-2023-40035](https://github.com/craftcms/cms/security/advisories/GHSA-44wr-rmwq-3phw) In [`src/helpers/FileHelper.php#L106-L137`](https://github.com/craftcms/cms/blob/5e56c6d168524ed02f0620c9bc1c9750f5b94e3b/src/helpers/FileHelper.php#L106-L137), the function `absolutePath` returned `$from . $ds . $to` without path normalization: ```php /** * Returns an absolute path based on a source location or the current working directory. * * @param string $to The target path. * @param string|null $from The source location. Defaults to the current working directory. * @param string $ds the directory separator to be used in the normalized result. Defaults to `DIRECTORY_SEPARATOR`. * @return string * @since 4.3.5 */ public static function absolutePath( ...

GHSA-cw6g-qmjq-6w2w: Craft CMS Arbitrary System File Read

### Summary By abusing the mail notification template it is possible to read arbitrary operating system files. ### Details The [dataUrl](https://craftcms.com/docs/3.x/dev/functions.html#dataurl) function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. Requirements: * write permissions to system notification templates * ability to trigger a corresponding system email ### PoC 1) Modify a template to contain the following twig template string: ```twig {{ dataUrl('/var/www/web/.env') }} ``` 2) Trigger the corresponding notification email (e...

GHSA-jrh5-vhr9-qh7q: Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution

### Summary A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double `file://` scheme (e.g., `file://file:////`). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with [allowAdminChanges enabled](https://craftcms.com/docs/5.x/reference/config/general.html#allowadminchanges). https://craftcms.com/knowledge-base/securing-craft#set-allowAdminChanges-to-false-in-production ### Details The issue lies in line 57 of `cms/src/helpers/FileHelper.php`, it only removes `file://` on the most left. It is trivial to bypass this sanitization by adding 2 `file://`, e.g. `file://file:////`. ```php public static function normaliz...

The Role of Artificial Intelligence in Lead Generation

Unlock how AI transforms lead generation for businesses, from real-time targeting to automated follow-ups. Discover essential tools, tips…

Warning: Online shopping threats to avoid this Black Friday and Cyber Monday 

Where there’s a gift to be bought, there’s also a scammer out to make money. Here's how to stay safe this shopping season.

Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims

Romanian cybersecurity company Bitdefender has released a free decryptor to help victims recover data encrypted using the ShrinkLocker ransomware. The decryptor is the result of a comprehensive analysis of ShrinkLocker's inner workings, allowing the researchers to discover a "specific window of opportunity for data recovery immediately after the removal of protectors from BitLocker-encrypted

ICE Started Ramping Up Its Surveillance Arsenal Immediately After Donald Trump Won

US Immigration and Customs Enforcement put out a fresh call for contracts for surveillance technologies before an anticipated surge in the number of people it monitors ahead of deportation hearings.

Comprehensive Guide to Building a Strong Browser Security Program

The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that