Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Faux ChatGPT, Claude API Packages Deliver JarkaStealer

Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice.

DARKReading
#web#windows#apple#linux#git#java#intel#auth
GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2.

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue.

GHSA-m52v-24p8-654f: SurrealDB has an Uncaught Exception Sorting Tables by Random Order

Sorting table records using an `ORDER BY` clause with the `rand()` function as sorting mechanism could cause a panic due to relying on a comparison function that did not implement total order. This event resulted in a panic due to a recent [change in Rust 1.81](https://blog.rust-lang.org/2024/09/05/Rust-1.81.0.html#new-sort-implementations). ### Impact A client that is authorized to run queries in a SurrealDB server would be able to query a table with `ORDER BY rand()` in order to potentially cause a panic in the sorting function. This would crash the server, leading to denial of service. ### Patches The sorting algorithm has been updated to guarantee total order when shuffling records. - Version 2.1.0 and later are not affected by this issue. ### Workarounds Affected users who are unable to update may want to limit the ability of untrusted clients to run arbitrary SurrealQL queries in the affected versions of SurrealDB. To limit the impact of the denial of service, SurrealDB ad...

GHSA-h4f5-h82v-5w4r: SurrealDB has an Uncaught Exception in Function Generating Random Time

The `rand::time()` function in SurrealQL generates a random time from an optional range of two Unix timestamps. Due to the underlying use of `timestamp_opt` from the `chrono` crate, this function could potentially return `None` in some instances, leading to a panic when `unwrap` was called on its result in order to return a SurrealQL `datetime` type to the caller of the function. ### Impact A client that is authorized to run queries in a SurrealDB server would be able to make repeated (in the order of millions) calls to `rand::time()` in order to reliably trigger a panic. This would crash the server, leading to denial of service. ### Patches The function has been updated in to guarantee that some `datetime` is returned or that an error is otherwise gracefully handled. - Version 2.1.0 and later are not affected by this issue. ### Workarounds Affected users who are unable to update may want to limit the ability of untrusted clients to run the `rand::time()` function in the affecte...

Yakuza Victim Data Leaked in Japanese Agency Attack

A local government resource for helping Japanese citizens cut ties with organized crime was successfully phished in a tech support scam, and could have dangerous consequences.

What Talent Gap? Hiring Practices Are the Real Problem

While the need for cybersecurity talent still exists, the budget may not. Here's how to maximize security staff despite hiring freezes.

Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked

The Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012…

Fraud Prevention in Online Payments: A Practical Guide

Learn how to prevent payment fraud with effective fraud detection, online prevention solutions, and secure payment orchestration strategies.…

Leaky Cybersecurity Holes Put Water Systems at Risk

At least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens.