Security
Headlines
HeadlinesLatestCVEs

Tag

#c++

White House's Call for Memory Safety Brings Challenges, Changes & Costs

Improving security in the applications that drive the digital economy is a necessary undertaking, requiring ongoing collaboration between the public and private sectors.

DARKReading
#vulnerability#google#microsoft#linux#git#intel#c++#auth
China-Linked Threat Actor Taps 'Peculiar' Malware to Evade Detection

UNAPIMON works by meticulously disabling hooks in Windows APIs for detecting malicious processes.

Linux Version of DinodasRAT Spotted in Cyber Attacks Across Several Countries

A Linux version of a multi-platform backdoor called DinodasRAT has been detected in the wild targeting China, Taiwan, Turkey, and Uzbekistan, new findings from Kaspersky reveal. DinodasRAT, also known as XDealer, is a C++-based malware that offers the ability to harvest a wide range of sensitive data from compromised hosts. In October 2023, Slovak cybersecurity firm ESET

Win32.STOP.Ransomware (Smokeloader) MVID-2024-0676 Remote Code Execution

Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.

GHSA-h2x6-5jx5-46hf: RCE in TranformGraph().to_dot_graph function

### Summary RCE due to improper input validation in TranformGraph().to_dot_graph function ### Details Due to improper input validation a malicious user can provide a command or a script file as a value to `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`. https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539 Although an error will be raised, the command or script will be executed successfully. ### PoC ```shell $ cat /tmp/script #!/bin/bash echo astrorce > /tmp/poc.txt ``` ```shell $ python3 Python 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110] on linux Type "help", "copyright", "credits" or "license" for more information. >>> from astropy.coordinates.transformations import TransformGraph >>> tg = TransformGraph() >>> tg.to_dot_graph(savefn="/tmp/1.txt", savelayout="/tmp/script") Traceback (most recent call last): File "<stdin>", l...

RT-Thread RTOS 5.0.2 Overflows / Weak Random Source

RT-Thread RTOS versions 5.0.2 and below suffer from multiple buffer overflows, a weak random source in rt_random driver, and various other vulnerabilities.

TPC-110W Missing Authentication

TPC-110W suffers from a missing authentication vulnerability.

Debian Security Advisory 5634-1

Debian Linux Security Advisory 5634-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Multiple vulnerabilities in Adobe Acrobat Reader could lead to remote code execution

Other potential code execution vulnerabilities are also present in Weston Embedded µC/HTTP-server, a web server component in Weston Embedded's in-house operating system and an open-source library that processes several types of potentially sensitive medical tests.

Top Software Development Outsourcing Trends

By Uzair Amir Eastern Europe is swiftly rising to prominence in the software development outsourcing sector. This ascendance is marked not… This is a post from HackRead.com Read the original post: Top Software Development Outsourcing Trends