Latest News
### Summary An arbitrary file write vulnerability exists in the webcrack module when processing specifically crafted malicious code on Windows systems. This vulnerability is triggered when using the unpack bundles feature in conjunction with the saving feature. If a module name includes a path traversal sequence with Windows path separators, an attacker can exploit this to overwrite files on the host system. ### Details Source: [packages/webcrack/src/unpack/bundle.ts#L79](https://github.com/j4k0xb/webcrack/blob/241f9469e6401f3dabc6373233d85a5e76966b54/packages/webcrack/src/unpack/bundle.ts#L79) ```ts import { posix } from 'node:path'; import type { Module } from './module'; // eslint-disable-next-line @typescript-eslint/unbound-method const { dirname, join, normalize } = posix; /* ... snip ... */ const modulePath = normalize(join(path, module.path)); if (!modulePath.startsWith(path)) { throw new Error(`detected path traversal: ${module.path}`); } await mkdir(dirname(modulePath...
Security researchers say they’ve extracted digital management keys from select electronic lockers and revealed how they could be cloned.
### Summary An issue was identified in the Interchain Security (ICS) module that could result in the slashing of a validator for an "old" equivocation. The height-base filter for consumer equivocation evidence introduced in [v2.4.0-lsm](https://github.com/cosmos/interchain-security/releases/tag/v2.4.0-lsm) was re-enabled. ### Details ICS [v2.4.0-lsm](https://github.com/cosmos/interchain-security/releases/tag/v2.4.0-lsm) introduced a height-base filter for consumer equivocation evidence. This feature enables a provider to set per consumer chain minimum heights for which cryptographic evidence is considered valid. The Cosmos Hub [v14 upgrade](https://github.com/cosmos/gaia/releases/tag/v14.1.0) bumped ICS to v2.4.0-lsm and also set the minimum evidence height for both `neutron-1` and `stride-1` consumer chains to their respective height at that time (see [PR](https://github.com/cosmos/gaia/pull/2821)). As a result, "older" cryptographic evidence was no longer accepted by the Hub. ...
### Impact When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. ``` >>> parse.urlparse("//example.com/test/path") ParseResult(scheme='', netloc='example.com', path='/test/path', params='', query='', fragment='') ``` WebOb uses `urljoin` to take the request URI and joining the redirect location, so assuming the request URI is: `https://example.org//example.com/some/path`, and the URL to redirect to (for example by adding a slash automatically) is `//example.com/some/path/` that gets turned by `urljoin` into: ``` >>> parse.urljoin("https://example.org//attacker.com/some/path", "//attacker....
An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the threat actors remains the same: an email bomb followed by an attempt to call impacted users and offer a fake solution,"
Eight of the vulnerabilities affect the license update feature for CLIPSP.SYS, a driver used to implement Client License System Policy on Windows 10 and 11.
The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
In K7 Ultimate Security versions prior to 17.0.2019, the driver file (K7RKScan.sys - this version 15.1.0.7) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of a null pointer dereference from IOCtl 0x222010 and 0x222014. At the same time, the drive is accessible to all users in the "Everyone" group.
Debian Linux Security Advisory 5748-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Red Hat Security Advisory 2024-5365-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and null pointer vulnerabilities.