Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-v2xm-76pq-phcf: ClassGraph XML External Entity Reference

ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks.

ghsa
Open in Source
#git
U.S. Bans Kaspersky Software, Citing National Security Risks

The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's affiliates, subsidiaries and parent companies, the department said, adding the action is based on

Thousands of Car Dealerships Stalled Out After Software Provider Cyberattack

CDK Global, which makes software for car dealers, experienced a cyber incident that halted vehicle sales and service across the US.

Russia's Midnight Blizzard Seeks to Snow French Diplomats

The notorious cyber espionage group has been harrying French interests for years, and isn't flagging now as the Paris Olympics approach.

High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models

The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache.

Debian Security Advisory 5717-1

Debian Linux Security Advisory 5717-1 - It was discovered that user validation was incorrectly implemented for filter_var(FILTER_VALIDATE_URL) for php8.2.

TURPENTINE XNU Kernel Buffer Overflow

CVE-2024-27815 is a buffer overflow in the XNU kernel that was reported in sbconcat_mbufs. It was publicly fixed in xnu-10063.121.3, released with macOS 14.5, iOS 17.5, and visionOS 1.2. This bug was introduced in xnu-10002.1.13 (macOS 14.0/ iOS 17.0) and was fixed in xnu-10063.121.3 (macOS 14.5/ iOS 17.5). The bug affects kernels compiled with CONFIG_MBUF_MCACHE.

US Bans Kaspersky Software

Using a Trump-era authority, the US Commerce Department has banned the sale of Kaspersky’s antivirus tools to new customers in the US, citing alleged threats to national security.

GHSA-9gxx-58q6-42p7: Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service

### Impact A parsing vulnerability in lnd's onion processing logic led to a DoS vector due to excessive memory allocation. ### Patches The issue was patched in lnd [v0.17.0](https://github.com/lightningnetwork/lnd/releases/tag/v0.17.0-beta). Users should update to a version >= v0.17.0 to be protected. ### References Detailed blog post: https://morehouse.github.io/lightning/lnd-onion-bomb/ Developer discussion: https://delvingbitcoin.org/t/dos-disclosure-lnd-onion-bomb/979

KrebsOnSecurity Threatened with Defamation Lawsuit Over Fake Radaris CEO

On March 8, 2024, KrebsOnSecurity published a deep dive on the consumer data broker Radaris, showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, in addition to a dizzying array of people-search websites. The subjects of that piece are threatening to sue KrebsOnSecurity for defamation unless the story is retracted. Meanwhile, their attorney has admitted that the person Radaris named as the CEO from its inception is a fabricated identity.