Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-h4f5-h82v-5w4r: SurrealDB has an Uncaught Exception in Function Generating Random Time

The `rand::time()` function in SurrealQL generates a random time from an optional range of two Unix timestamps. Due to the underlying use of `timestamp_opt` from the `chrono` crate, this function could potentially return `None` in some instances, leading to a panic when `unwrap` was called on its result in order to return a SurrealQL `datetime` type to the caller of the function. ### Impact A client that is authorized to run queries in a SurrealDB server would be able to make repeated (in the order of millions) calls to `rand::time()` in order to reliably trigger a panic. This would crash the server, leading to denial of service. ### Patches The function has been updated in to guarantee that some `datetime` is returned or that an error is otherwise gracefully handled. - Version 2.1.0 and later are not affected by this issue. ### Workarounds Affected users who are unable to update may want to limit the ability of untrusted clients to run the `rand::time()` function in the affecte...

ghsa
#dos#auth
Yakuza Victim Data Leaked in Japanese Agency Attack

A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences.

What Talent Gap? Hiring Practices Are the Real Problem

While the need for cybersecurity talent still exists, the budget may not. Here's how to maximize security staff despite hiring freezes.

Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked

The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012…

Fraud Prevention in Online Payments: A Practical Guide

Learn how to prevent payment fraud with effective fraud detection, online prevention solutions, and secure payment orchestration strategies.…

Meta takes down more than 2 million accounts in fight against pig butchering

Meta provided some insight into their fight against pig butchering scammers, who are often victims of organized crime themselves

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asynshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as

Leaky Cybersecurity Holes Put Water Systems at Risk

At least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens.

China-Linked TAG-112 Targets Tibetan Media with Cobalt Strike Espionage Campaign

A China-linked nation-state group called TAG-112 compromised Tibetan media and university websites in a new cyber espionage campaign designed to facilitate the delivery of the Cobalt Strike post-exploitation toolkit for follow-on information collection. "The attackers embedded malicious JavaScript in these sites, which spoofed a TLS certificate error to trick visitors into downloading a

US and Europe Account for 73% of Global Exposed ICS Systems

73% of globally exposed ICS systems are in the US and Europe, with the US leading at 38%.…