Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CISA Releases Plan to Align Cybersecurity Across Federal Agencies

The FOCAL plan outlines baselines to synchronize cybersecurity priorities and policies across, as well as within, agencies.

DARKReading
#vulnerability#auth
Ivanti's Cloud Service Appliance Attacked via Second Vuln

The critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).

Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware

A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover

Critical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.

Police Broke Tor Anonymity to Arrest Dark Web Users in Major CSAM Bust

German authorities dismantled Boystown, a notorious Dark Web platform for CSAM, by deanonymizing Tor users in 2021. This…

LinkedIn Addresses User Data Collection for AI Training

The company announced an update to its privacy policy, acknowledging it is using customer data to train its AI models.

GHSA-rxq8-q85f-m866: Prevent XSS from Confidant API call

### Impact _What kind of vulnerability is it? Who is impacted?_ Potential XSS from API calls below: GET <app>/v1/credentials GET <app>/v1/credentials/<id> GET <app>/v1/archive/credentials/<id> GET <app>/v1/archive/credentials POST <app>/v1/credentials PUT <app>/v1/credentials/<id> PUT <app>/v1/credentials/<id>/<to_revision> GET <app>/v1/services GET <app>/v1/services/<id> GET <app>/v1/archive/services/<id> GET <app>/v1/archive/services PUT <app>/v1/services/<id> PUT <app>/v1/services/<id>/<to_revision> Stored XSS that can only be used as a stored HTML injection. The attacker needs to be authenticated and have privileges to create new credentials, but could use this to show information and run scripts to other users into the same Confidant instance. ### Patches _Has the problem been patched? What versions should users upgrade to?_ yes, version 6.6.2 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ NO ### References _Are there any l...

BlackNET 3.7.0.0 Missing Authentication / File Deletion / Traversal

BlackNET version 3.7.0.0 appears to allow unauthenticated access to modify data and suffers from arbitrary file deletion and directory traversal vulnerabilities while authenticated.

Red Hat Security Advisory 2024-6890-03

Red Hat Security Advisory 2024-6890-03 - New Red Hat build of Keycloak 24.0.8 packages with security impact Important are available from the Customer Portal. Issues addressed include a privilege escalation vulnerability.

Red Hat Security Advisory 2024-6889-03

Red Hat Security Advisory 2024-6889-03 - New images with security impact Important are available for Red Hat build of Keycloak 24.0.8 and Red Hat build of Keycloak 24.0.8 Operator, running on OpenShift Container Platform. Issues addressed include a privilege escalation vulnerability.