Security Headlines

Tag: #auth
Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability

Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve arbitrary code execution. Tracked as CVE-2023-45590, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10. "An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientLinux may allow an unauthenticated attacker to

The Hacker News
Japan, Philippines & US Forge Cyber Threat Intel-Sharing Alliance

Following the Volt Typhoon attacks on critical infrastructure in the region by China, the US reportedly will share cybersecurity threat information with both countries.

GHSA-j85q-46hg-36p2: SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used

### Background

Use of a relation of the form `relation folder: folder | folder#parent` together with an arrow such as `folder->view` can cause LookupSubjects to return only the subjects found under *either* `folder` or `folder#parent`, not both. This bug *only* manifests if the *same* subject type is used multiple times in a relation, relationships exist for both subject types, *and* an arrow is used over the relation.

### Impact

Any user making a negative authorization decision based on the results of a LookupSubjects request on a version before v1.30.1 is affected.

### Workarounds

Avoid using LookupSubjects for negative authorization decisions and/or avoid using the affected schema pattern.

XZ Utils Scare Exposes Hard Truths About Software Security

Much of the open source code embedded in enterprise software stacks comes from small, under-resourced, volunteer-run projects.

Selecting the Right Authentication Protocol for Your Business

Prioritizing security and user experience will help you build a robust and reliable authentication system for your business.

Trump Loyalists Kill Vote on US Wiretap Program

An attempt to reauthorize Section 702, the so-called crown jewel of US spy powers, failed for a third time in the House of Representatives after former president Donald Trump criticized the law.

NSA Updates Zero-Trust Advice to Reduce Attack Surfaces

Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.

How to protect yourself from online harassment

Don't wait for an online harassment campaign to unfairly target you or a loved one. Take these proactive steps today to stay safe.

TA547 Uses an LLM-Generated Dropper to Infect German Orgs

It's finally happening: Rather than just for productivity and research, threat actors are using LLMs to write malware. But companies need not worry just yet.

GHSA-wvpx-g427-q9wc: llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution

A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw.