Security Headlines

Tag: #git

DDoS Attacks Surge as Africa Expands Its Digital Footprint

As organizations on the continent expand their use of digital technologies, they increasingly face many of the same threats that entities in other regions have had to deal with for years.

DARKReading
Tags: #apple #ddos #dos #git #intel #ldap #acer #auth
SEO Poisoning: How Cybercriminals Are Turning Search Engines into Traps

Stay protected from SEO poisoning, a cyber threat exploiting search engine rankings to spread malware and phishing scams.…

WhatsApp Wins Lawsuit Against Israeli Spyware Maker NSO Group

A US court ruled against NSO Group, an Israeli spyware maker, finding them liable for hacking WhatsApp users. The ruling has major implications for the surveillance technology industry.

The Fintech Wild West: Why Preventive Cybersecurity Is Essential for Survival

Fintech thrives on innovation, but cybersecurity requires a proactive approach. AI, predictive intelligence, and tailored strategies safeguard against…

You Need to Create a Secret Password With Your Family

AI voice cloning and deepfakes are supercharging scams. One method to protect your loved ones and yourself is to create secret code words to verify someone’s identity in real time.

Postman Workspaces Leak 30000 API Keys and Sensitive Tokens

Thousands of Postman workspaces leaked sensitive data like API keys and tokens. Learn best practices to secure your API development environment and protect your organization.

Too Much 'Trust,' Not Enough 'Verify'

"Zero trust" doesn't mean "zero testing."

DNSSEC Denial-of-Service Attacks Show Technology's Fragility

The security extensions for the Domain Name System aimed to make the Internet more reliable, but instead the technology has exchanged one set of problems for another.

GHSA-f697-gm3h-xrf9: Apache HugeGraph-Server: Fixed JWT Token (Secret)

Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.

GHSA-vm62-9jw3-c8w3: Gogs has an argument Injection in the built-in SSH server

### Impact

When the built-in SSH server is enabled (`[server] START_SSH_SERVER = true`), unprivileged user accounts with at least one SSH key can execute arbitrary commands on the Gogs instance with the privileges of the user specified by `RUN_USER` in the configuration. It allows attackers to access and alter any users' code hosted on the same instance.

### Patches

The `env` command sent to the internal SSH server has been changed to be a passthrough (https://github.com/gogs/gogs/pull/7868), i.e. the feature is effectively removed. Users should upgrade to 0.13.1 or the latest 0.14.0+dev.

### Workarounds

[Disable the use of built-in SSH server](https://github.com/gogs/gogs/blob/7adac94f1e93cc5c3545ea31688662dcef9cd737/conf/app.ini#L76-L77) on operating systems other than Windows.

### References

https://www.cve.org/CVERecord?id=CVE-2024-39930