#auth

Consumers are victims of online scams and have their data stolen, but they are lagging on adopting security tools to protect themselves.

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 "Sequoia" update that broke many cybersecurity tools.

Due to the order in which permissions were processed, some statements, filters and computations could lead to leaking field values or record contents to users without the required permissions. This behavior could be triggered in different scenarios: - When performing a `SELECT` operation on a table, the values that would be returned were iterated over, field permissions would be validated and any unauthorized value would be removed from the result returned. However, performing a `SELECT VALUE` operation (e.g. `SELECT VALUE private FROM data`) would result in a non-iterable value, which would not be removed from the returned result. - When aliasing a field (e.g. `SELECT private AS public FROM data`) for which the user did not have `SELECT` permissions within a `SELECT` query, permissions would be checked against the field of the resulting document containing the aliased field instead of the original document containing the original field. As a consequence, the original field value wou...

The error rendering code from the parser would panic when handling failed parsing of queries where the error occurred when converting an empty string to a SurrealDB value. This would be the case when casting an empty string to a `record`, `duration` or `datetime`, as well as potentially when parsing an empty string to JSON or providing an empty string to the `type::field` and `type::fields` functions. ### Impact A client that is authorized to run queries in a SurrealDB server would be able to execute a malformed query which would fail to parse when converting an empty string and cause a panic in the error rendering code. This would crash the server, leading to denial of service. ### Patches - Version 2.0.4 and later are not affected by this issue. ### Workarounds Affected users who are unable to update may want to limit the ability of untrusted clients to run arbitrary SurrealQL queries in the affected versions of SurrealDB. To limit the impact of the denial of service, SurrealDB...

Attorneys for Joseph Sullivan argue the jury didn't hear essential facts of the case during the original trial and that his conviction must be overturned.

Threat actors are actively exploiting two of the vulnerabilities, while three others are publicly known and ripe for attack.

An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.

Money transfer giant MoneyGram has notified customers about a data breach that has spilt sensitive customer information.

The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity.

As healthcare organizations struggle against operational issues, two-thirds of the industry suffered ransomware attacks in the past year, and an increasing number are caving to extortion and paying up.