Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Connected contraptions cause conniption for 2024

From "spying" air fryers to 3 million rogue toothbrushes, here are the strangest stories about internet-connected home goods in 2024.

Malwarebytes
Open in Source
#vulnerability#web#android#ddos#dos#git#java#xiaomi
Data breaches in 2024: Could it get any worse?

An overview of what the year 2024 had to offer in the realm of data breaches: Big ones, sensitive data and some duds

16 Chrome Extensions Hacked in Large-Scale Credential Theft Scheme

SUMMARY A sophisticated attack campaign has compromised at least 16 Chrome browser extensions, exposing over 600,000 users to…

GHSA-gmx7-gr5q-85w5: magic-crypt uses insecure cryptographic algorithms

This crate uses a number of cryptographic algorithms that are no longer considered secure and it uses them in ways that do not guarantee the integrity of the encrypted data. `MagicCrypt64` uses the insecure DES block cipher in CBC mode without authentication. This allows for practical brute force and padding oracle attacks and does not protect the integrity of the encrypted data. Key and IV are generated from user input using CRC64, which is not at all a key derivation function. `MagicCrypt64`, `MagicCrypt128`, `MagicCrypt192`, and `MagicCrypt256` are all vulnerable to padding-oracle attacks. None of them protect the integrity of the ciphertext. Furthermore, none use password-based key derivation functions, even though the key is intended to be generated from a password. Each of the implementations are unsound in that they use uninitialized memory without `MaybeUninit` or equivalent structures. For more information, visit the [issue](https://github.com/magiclen/rust-magiccrypt/issu...

GHSA-gv7f-5qqh-vxfx: xous has unsound usages of `core::slice::from_raw_parts`

We consider `as_slice` and `as_slice_mut` unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated `from_parts`. We consider that `from_parts` should be removed in latest version because it will help trigger unsoundness in `as_slice`. With new declared as unsafe, `as_slice` should also declared as unsafe. This was patched in by marking two functions as `unsafe`.

GHSA-ggwq-xc72-33r3: LGSL has a reflected XSS at /lgsl_files/lgsl_list.php

# Reflected XSS at /lgsl_files/lgsl_list.php **Description:** Vulnerability: A reflected XSS vulnerability exists in the `Referer` HTTP header of [LGSL v6.2.1](https://github.com/tltneon/lgsl/releases/tag/v6.2.1). The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When crafted malicious input is provided in the `Referer` header, it is echoed back into an HTML attribute in the application’s response. The vulnerability is present at [Line 20-24](https://github.com/tltneon/lgsl/blob/master/lgsl_files/lgsl_list.php#L20-L24) ```php $uri = $_SERVER['REQUEST_URI']; if ($lgsl_config['preloader']) { $uri = $_SERVER['HTTP_REFERER']; } ``` **Proof of Concept:** 1. Capture a request to the path `/lgsl_files/lgsl_list.php`. 2. Inject the following payload into the Referer header: `test'><script>alert(1)</script><`. 3. Send the request. 4. The XSS payload is triggered when reloading. ![image](h...

GHSA-hq4h-w933-jm6c: khoj has an IDOR in subscription management allows unauthorized subscription modifications

### Summary An Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. ### Details The vulnerability exists in the subscription endpoint at `/api/subscription`. The endpoint uses an email parameter as a direct reference to user subscriptions without verifying object ownership. While authentication is required, there is no authorization check to verify if the authenticated user owns the referenced subscription. Vulnerable code in `/api/subscription`: ```python @subscription_router.patch("") @requires(["authenticated"]) async def update_subscription(request: Request, email: str, operation: str): # IDOR: email parameter directly references user subscriptions without ownership verification customers = stripe.Customer.list(email=email).auto_paging_iter() customer = next(customers, None) if operation == ...

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips

Every week, the digital world faces new challenges and changes. Hackers are always finding new ways to breach systems, while defenders work hard to keep our data safe. Whether it's a hidden flaw in popular software or a clever new attack method, staying informed is key to protecting yourself and your organization. In this week's update, we'll cover the most important developments in

The Most Dangerous People on the Internet in 2024

From Elon Musk and Donald Trump to state-sponsored hackers and crypto scammers, this was the year the online agents of chaos gained ground.