Security
Headlines
HeadlinesLatestCVEs

Latest News

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid

The Hacker News
Open in Source
#sql#vulnerability#web#windows#linux#apache#rce#ssrf#botnet#auth#The Hacker News
Pavel Durov Criticizes Outdated Laws After Arrest Over Telegram Criminal Activity

Telegram CEO Pavel Durov has broken his silence nearly two weeks after his arrest in France, stating the charges are misguided. "If a country is unhappy with an internet service, the established practice is to start a legal action against the service itself," Durov said in a 600-word statement on his Telegram account. "Using laws from the pre-smartphone era to charge a CEO with crimes committed

GHSA-7q74-g774-7x3g: Interchain Security: The signers of ICS messages do not need to match the provider address

### Context ICS has the following four messages that enable validators on the provider chain to perform different actions: - `MsgOptIn` -- adds a validator to the consumer chain’s active set - `MsgOptOut` -- removes a validator from the consumer chain’s active set - `MsgAssignConsumerKey` -- changes the consensus key used for a validator’s operations on a consumer chain - `MsgSetConsumerCommissionRate` -- sets a validator’s consumer-specific commission rate Normally, only the respective validators are allowed to perform these actions. ### Issue The upgrade to SDK 0.50, introduced a [signer](https://docs.cosmos.network/v0.50/build/building-modules/protobuf-annotations#signer) field to these messages. This field is used to authenticate the user sending the message to the system. However, there was no validation on the ICS side to check if the signer matches the provider address. As a result, any user could opt-in, opt-out, change the commission rate, or change what public key a...

YubiKeys Are a Security Gold Standard—but They Can Be Cloned

Security researchers have discovered a cryptographic flaw that leaves the YubiKey 5 vulnerable to attack.

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team

Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.

GHSA-rwq6-crjg-9cpw: ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`

When a canister method is called via `ic_cdk::call*`, a new Future `CallFuture` is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called `CallFutureState`. A bug in the polling implementation of the `CallFuture` allows multiple references to be held for this internal state and not all references were dropped before the `Future` is resolved. Since we have unaccounted references held, a copy of the internal state ended up being persisted in the canister's heap and thus causing a memory leak. ### Impact Canisters built in Rust with `ic_cdk` and `ic_cdk_timers` are affected. If these canisters call a canister method, use timers or heartbeat, they will likely leak a small amount of memory on every such operation. **In the worst case, this could lead to heap memory exhaustion triggered by an attacker.** Motoko based canisters are not affected by the bug. ### Patches The patch has been backporte...

GHSA-fv4g-gwpj-74gr: Path traversal vulnerability in stripe-cli

### Impact A vulnerability exists in stripe-cli versions 1.11.1 and higher where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability. ### Recommendation Upgrade to stripe-cli v1.21.3. ### For more information Email us at [[email protected]](mailto:[email protected])

GHSA-4jcv-vp96-94xr: MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding

### Summary DNS rebinding is a method of manipulating resolution of domain names to let the initial DNS query hits an address and the second hits another one. For instance the host `make-190.119.176.200-rebind-127.0.0.1-rr.1u.ms` would be initially resolved to `190.119.176.200` and the next DNS issue to `127.0.0.1`. Please notice the following in the latest codebase: ```python def is_private_url(url: str): """ Raises exception if url is private :param url: url to check """ hostname = urlparse(url).hostname if not hostname: # Unable to find hostname in url return True ip = socket.gethostbyname(hostname) return ipaddress.ip_address(ip).is_private ``` As you can see, during the call to `is_private_url()` the initial DNS query would be issued by `ip = socket.gethostbyname(hostname)` to an IP (public one) and then due to DNS Rebinding, the next GET request would goes to the private one. ### PoC ```python from flask import Flask, requ...

Watch our new documentary, "The Light We Keep: A Project PowerUp Story"

The Light We Keep documentary tells the story of the consequences of electronic warfare in Ukraine and its effect on power grids across the country.

TALOS
Open in Source