Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Appointment Scheduler 3.0 Insecure Direct Object Reference

Appointment Scheduler version 3.0 suffers from an insecure direct object reference vulnerability.

Packet Storm
Open in Source
#vulnerability#windows#google#php#auth#firefox
AccPack Cop 1.0 Cross Site Request Forgery

AccPack Cop version 1.0 suffers from a cross site request forgery vulnerability.

AccPack Buzz 1.0 SQL Injection

AccPack Buzz version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Red Hat Security Advisory 2024-4972-03

Red Hat Security Advisory 2024-4972-03 - An update is now available for Red Hat OpenShift GitOps v1.11.7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal

Enterprise Resource Planning (ERP) Software is at the heart of many enterprising supporting human resources, accounting, shipping, and manufacturing. These systems can become very complex and difficult to maintain. They are often highly customized, which can make patching difficult. However, critical vulnerabilities keep affecting these systems and put critical business data at risk.  The

New Windows Backdoor BITSLOTH Exploits BITS for Stealthy Communication

Cybersecurity researchers have discovered a previously undocumented Windows backdoor that leverages a built-in feature called Background Intelligent Transfer Service (BITS) as a command-and-control (C2) mechanism. The newly identified malware strain has been codenamed BITSLOTH by Elastic Security Labs, which made the discovery on June 25, 2024, in connection with a cyber attack targeting an

GHSA-5cf7-cxrf-mq73: Bostr Improper Authorization vulnerability

Even with `authorized_keys` is filled with allowed pubkeys, If `noscraper` is enabled, It will allow anyone to use bqouncer even it's pubkey is not in `authorized_keys`. ### Impact - Private bouncer ### Patches Available on version [3.0.10](https://github.com/Yonle/bostr/releases/tag/3.0.10) ### Workarounds Disable `noscraper` if you have `authorized_keys` being set in config ### References This [line of code](https://github.com/Yonle/bostr/blob/8665374a66e2afb9f92d0414b0d6f420a95d5d2d/auth.js#L21) is the cause.

Extending Red Hat Unified Kernel Images More Securely By Using Addons

With the advent of Confidential Virtual Machines (CVMs) in RHEL, a new challenge has emerged: Extending the Red Hat UKI (Unified Kernel Image) more safely and without compromising its security footprint. Starting with Red Hat 9.4, the systemd package (252-31 and onwards) supports UKI addons, which aim to solve this issue.In this blog, I explore the addons that enable safer extension of the UKI kernel command line.What is the Unified Kernel Image (UKI)?The linux kernel is the core of any Linux operating system. It's the interface between the hardware and the processes running on it, providing m

Attacks on Bytecode Interpreters Conceal Malicious Injection Activity

By injecting malicious bytecode into interpreters for VBScript, Python, and Lua, researchers found they can circumvent malicious code detection.

More Legal Records Stolen in 2023 Than Previous 5 Years Combined

Law firms make the perfect target for extortion, so it's no wonder that ransomware attackers target them and demand multimillion dollar ransoms.