Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

Zerto Introduces Cloud Vault Solution for Enhanced Cyber Resilience Through MSPs

DARKReading
Open in Source
#ios#google#microsoft#oracle#acer#ibm
Cyberbullying and the Law: When Does Online Harassment Become a Criminal Offense?

The rise of social media and digital communication has transformed how we connect, but it has also opened…

GHSA-4c49-9fpc-hc3v: lxd CA certificate sign check bypass

### Summary If a `server.ca` file is present in `LXD_DIR` at LXD start up, LXD is in "PKI mode". In this mode, only TLS clients that have a CA-signed certificate should be able to authenticate with LXD. We have discovered that if a client that sends a non-CA signed certificate during the TLS handshake, that client is able to authenticate with LXD if their certificate is present in the trust store. - The LXD Go client (and by extension `lxc`) does not send non-CA signed certificates during the handshake. - A manual client (e.g. `cURL`) might send a non-CA signed certificate during the handshake. #### Versions affected LXD 4.0 and above. ### Details When PKI mode was added to LXD it was intended that all client and server certificates *must* be signed by the certificate authority (see https://github.com/canonical/lxd/pull/2070/commits/84d917bdcca6fe1e3191ce47f1597c7d094e1909). In PKI mode, the TLS listener configuration is altered to add the CA certificate but the `ClientAut...

She Escaped an Abusive Marriage—Now She Helps Women Battle Cyber Harassment

Inspired by her own experience of abuse, Nighat Dad fights for women’s social and digital rights in Pakistan and beyond.

Misconfigured WAFs Heighten DoS, Breach Risks

Organizations that rely on their content delivery network provider for Web application firewall services may be inadvertently leaving themselves open to attack.

'Bootkitty' First Bootloader to Take Aim at Linux

Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on devices from multiple vendors.

To Map Shadow IT, Follow Citizen Developers

The tangle of user-built tools is formidable to manage, but it can lead to a greater understanding of real-world business needs.

Emmenhtal Loader Uses Scripts to Deliver Lumma and Other Malware

Emmenhtal Loader uses LOLBAS techniques, deploying malware like Lumma and Amadey through legitimate Windows tools. Its infection chain…

Middle East Cybersecurity Efforts Catch Up After Late Start

Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks.

Has the Cybersecurity Workforce Peaked?

While training and credentialing organizations continue to talk about a "gap" in skilled cybersecurity workers, demand — especially for entry-level workers — has plateaued, spurring criticism of the latest rosy stats that seem to support a hot market for qualified cyber pros.