Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

China's Cyber Offensives Built in Lockstep With Private Firms, Academia

The scale of Beijing's systematic tapping of private industry and universities to build up its formidable hacking and cyber-warfare capabilities is larger than previously understood.

DARKReading
Open in Source
#web#dos#git#intel#auth
Microsoft Highlights Security Exposure Management at Ignite

Building on its broad security portfolio, Microsoft's new exposure management is now available in the Microsoft Defender portal, with third-party-connectors on the way.

Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack

In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.

Malware Bypasses Microsoft Defender and 2FA to Steal $24K in Crypto

Malware bypasses Microsoft Defender and 2FA, stealing $24K in cryptocurrency via a fake NFT game app. Learn how…

Cross-Site Scripting Is 2024's Most Dangerous Software Weakness

MITRE and CISA's 2024 list of the 25 most dangerous software weaknesses exposes the need for organizations to continue to invest in secure code.

Microsoft Takes Action Against Phishing-as-a-Service Platform

The ONNX infrastructure has been servicing criminal actors as far back as 2017.

GHSA-rmxg-6qqf-x8mr: GeoNode Server Side Request forgery

### Summary A server side request forgery vuln was found within geonode when testing on a bug bounty program. Server side request forgery allows a user to request information on the internal service/services. ### Details The endpoint /proxy/?url= does not properly protect against SSRF. when using the following format you can request internal hosts and display data. /proxy/?url=http://169.254.169.254\@whitelistedIPhere. This will state wether the AWS internal IP is alive. If you get a 404, the host is alive. A non alive host will not display a response. To display metadata, use a hashfrag on the url /proxy/?url=http://169.254.169.254\@#whitelisteddomain.com or try /proxy/?url=http://169.254.169.254\@%23whitelisteddomain.com ### Impact Port scan internal hosts, and request information from internal hosts.

GHSA-5cph-wvm9-45gj: Flowise OverrideConfig security vulnerability

### Impact Flowise allows developers to inject configuration into the Chainflow during execution through the `overrideConfig` option. This is supported in both the frontend web integration and the backend Prediction API. This has a range of fundamental issues that are a **major** security vulnerability. While this feature is intentional, it should have strong protections added and be disabled by default. These issues include: 1. Remote code execution. While inside a sandbox this allows for 1. Sandbox escape 2. DoS by crashing the server 3. SSRF 2. Prompt Injection, both System and User 1. Full control over LLM prompts 2. Server variable and data exfiltration And many many more such as altering the flow of a conversation, prompt exfiltration via LLM proxying etc. These issues are self-targeted and do not persist to other users but do leave the server and business exposed. All issues are shown with the API but also work with the web embed. ### Workarounds - `overrideC...

Cloud Security Startup Wiz to Acquire Dazz in Risk Management Play

Dazz's remediation engine will boost risk management in Wiz's cloud security portfolio.