
Tag

#auth

U.S. Sanctions Two Crypto Exchanges for Facilitating Cybercrime and Money Laundering

The U.S. government on Thursday sanctioned two cryptocurrency exchanges and unsealed an indictment against a Russian national for his alleged involvement in the operation of several money laundering services that were offered to cybercriminals. The virtual currency exchanges, Cryptex and PM2BTC, have been alleged to facilitate the laundering of cryptocurrencies possibly obtained through

The Hacker News
GHSA-jg74-mwgw-v6x3: Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default

Vault’s SSH secrets engine did not require the valid_principals list to contain a value by default. If the valid_principals and default_user fields of the SSH secrets engine configuration are not set, an SSH certificate requested by an authorized user to Vault’s SSH secrets engine could be used to authenticate as any user on the host. Fixed in Vault Community Edition 1.17.6, and in Vault Enterprise 1.17.6, 1.16.10, and 1.15.15.

Memory-Safe Code Adoption Has Made Android Safer

The number of memory bugs in Android declined sharply after Google began transitioning to Rust for new features in its mobile OS.

GHSA-h4h5-9833-v2p4: Rancher agents can be hijacked by taking over the Rancher Server URL

### Impact

A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. SUSE is unaware of any successful exploitation of this vulnerability, which has a high complexity bar. Please consult the associated [MITRE ATT&CK - Technique - Adversary-in-the-Middle](https://attack.mitre.org/techniques/T1557/) for further information about this attack category.

### Patches

A new setting, [`agent-tls-mode`](https://ranchermanager.docs.rancher.com/getting-started/installation-and-upgrade/installation-references/tls-settings), was added, which allows users to specify if agents will use `strict` certificate verification when connecting to Rancher. The field can be set to `strict` (which requires the agent to ver...

Security Upgrades Available for 3 HPE Aruba Networking Bugs

The vendor says there are no reports of the flaws being exploited in the wild, nor is any public exploit code currently available.

Transport, Logistics Orgs Hit by Stealthy Phishing Gambit

Companies in this industry vertical tend toward large financial transactions with partners, suppliers, and customers.

Old Vulnerability Rated 9.9 Impacts All GNU/Linux Systems, Researcher Claims

A researcher claims to have found a decade-old vulnerability rated 9.9 that affects all GNU/Linux systems, allowing attackers…

Congress Advances Bill to Add AI to National Vulnerability Database

The AI Incident Reporting and Security Enhancement Act would allow NIST to create a process for reporting and tracking vulnerabilities found in AI systems.

Public Wi-Fi Compromised in UK Train Stations

British Transport Police and Network Rail are investigating the incident, in which bad actors posted Islamophobic messages on the transport system's network.