Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

US bans Kaspersky, warns: “Immediately stop using that software”

“Immediately stop using [Kaspersky] and switch to an alternative” warned the Commerce Secretary in a new US ban of the antivirus provider.

Malwarebytes
Open in Source
#intel#auth
Was T-Mobile compromised by a zero-day in Jira?

IntelBroker is offering source code from major companies for sale. Are they demonstrating the value of a zero-day they are also selling?

U.S. Bans Kaspersky Software, Citing National Security Risks

The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's affiliates, subsidiaries and parent companies, the department said, adding the action is based on

Russia's Midnight Blizzard Seeks to Snow French Diplomats

The notorious cyber espionage group has been harrying French interests for years, and isn't flagging now as the Paris Olympics approach.

High-Risk Overflow Bug in Intel Chips Likely Impacts 100s of PC Models

The old, but newly disclosed, vulnerability is buried deep inside personal computers, servers, and mobile devices, and their supply chains, making remediation a headache.

US Bans Kaspersky Software

Using a Trump-era authority, the US Commerce Department has banned the sale of Kaspersky’s antivirus tools to new customers in the US, citing alleged threats to national security.

DDoS Attack Targets Poland's UEFA Euro Opening Match

The stream was briefly knocked offline, preventing millions of fans from accessing the game. Poland's head of digital services says "all leads lead to the Russian Federation."

GHSA-grjv-gjgr-66g2: SpiceDB exclusions can result in no permission returned when permission expected

### Background Use of an exclusion under an arrow that has multiple resources may resolve to `NO_PERMISSION` when permission is expected. For example, given this schema: ```zed definition user {} definition folder { relation member: user relation banned: user permission view = member - banned } definition resource { relation folder: folder permission view = folder->view } ``` If the resource exists under *multiple* folders and the user has access to view more than a single folder, SpiceDB may report the user does not have access due to a failure in the exclusion dispatcher to request that *all* the folders in which the user is a member be returned ### Impact Permission is returned as `NO_PERMISSION` when `PERMISSION` is expected on the `CheckPermission` API. ### Workarounds None

GHSA-rvj4-q8q5-8grf: ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability

### Impact There is a vulnerability in [Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-35255). ### References - [CVE-2024-35255](https://nvd.nist.gov/vuln/detail/CVE-2024-35255) ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.5 - https://github.com/traefik/traefik/releases/tag/v3.0.3 ### Workarounds No workaround. ### For more information If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).