#git

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently

Cloud service providers are getting better at protecting data, pushing adversaries to develop new cloud ransomware scripts to target PHP applications, a new report says.

### Impact s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a segmentation fault or other undefined behavior. Customers of AWS services do not need to take action. Applications using s2n-tls should upgrade to the most recent release of s2n-tls. **Impacted versions**: < v1.5.9. ### Patches The patch commit [493b771](https://github.com/aws/s2n-tls/commit/493b77167dc367c394de23cfe78a029298e2a254) is included in s2n-tls v1.5.9 [1] ### Workarounds The atexit handler may be disabled by calling `s2n_disable_atexit()` prior to initializing s2n-tls. The atexit handler is off by default in the patched versions. For further details, refer to [s2n-tls Usage Guide: Initialization and Teardown](https://github.com/aws/s2n-tls/blob/main/docs/usage-guide/topics/ch02-initi...

Red Hat Security Advisory 2024-9571-03 - Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal. Issues addressed include denial of service and man-in-the-middle vulnerabilities.

If the government truly wants to protect the US's most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.

Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said. "The landing

Group-IB has uncovered Lazarus group’s stealthy new trojan and technique of hiding malicious code in extended attributes on…

Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.

A scammer was caught after they defrauded some 400 people for almost $20 million in real estate.

Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.