Tag
#git
By Uzair Amir. Building on Plasma Next would make the DEX as convenient as CEX for trading with low fees, slippage, and waiting period. This is a post from HackRead.com. Read the original post: IdeaSoft To Launch an Innovative Perpetual DEX on INTMAX’s Open-source L2 Plasma Next
Backing up your Mac is a simple process that can save your most important files from cyberthreats.
An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.
By Owais Sultan. Modern advancements have tilted the world into a tightly-knit web. Accessing localized content and resources can be hard… This is a post from HackRead.com. Read the original post: The Power of ISP Proxies: Unlocking Local Content and Resources
Updated March 30, 2024: We have determined that Fedora Linux 40 beta does contain two affected versions of xz libraries - xz-libs-5.6.0-1.fc40.x86_64.rpm and xz-libs-5.6.0-2.fc40.x86_64.rpm. At this time, Fedora 40 Linux does not appear to be affected by the actual malware exploit, but we encourage all Fedora 40 Linux beta users to revert to 5.4.x versions. Editor's note: This post has been updated to more clearly articulate the affected versions of Fedora Linux and add additional mitigation methods. Yesterday, Red Hat Information Risk and Security and Red Hat Product Security learned that the l
Thread hijacking attacks. They happen when someone you know has their email account compromised, and you are suddenly dropped into an existing conversation between the sender and someone else. These missives draw on the recipient's natural curiosity about being copied on a private discussion, which is modified to include a malicious link or attachment. Here's the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.
By Waqas. Some of the known targets of this iMessage phishing campaign are USPS (the United States Postal Service), DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post. This is a post from HackRead.com. Read the original post: New iMessage Phishing Campaign Targets Postal Service Users Globally
### Impact _What kind of vulnerability is it? Who is impacted?_ Users running containers with root privileges are impacted: a container can run with read/write access to the host system files when SELinux is not enabled. With SELinux enabled, some read access is allowed. ### Patches From @nalind. This is a patch for Buildah (https://github.com/containers/buildah). Once fixed there, Buildah will be vendored into Podman. ``` # cat /root/cve-2024-1753.diff --- internal/volumes/volumes.go +++ internal/volumes/volumes.go @@ -11,6 +11,7 @@ import ( "errors" + "github.com/containers/buildah/copier" "github.com/containers/buildah/define" "github.com/containers/buildah/internal" internalParse "github.com/containers/buildah/internal/parse" @@ -189,7 +190,11 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st // buildkit parity: support absolute path for sources from current build context if contextDir != "" { // path should be /contextDir/speci...
This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the `serverpod_client` package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and hijack the connection to the server for this vulnerability to be used. ### Impact All versions of `serverpod_client` pre `1.2.6` ### Patches Upgrading to version `1.2.6` resolves this issue.
### Summary Using `Pickup: Local stock only` as a click-and-collect point could cause a leak of customer addresses. ### Details When using `Pickup: Local stock only` click-and-collect as a delivery method, in specific conditions the customer could overwrite the warehouse address with their own, which exposes their address as the click-and-collect address. ### Impact The vulnerability can cause the leak of a customer's address when using a click-and-collect delivery option marked as `Local stock only`. It has an impact on all orders with a click-and-collect delivery method marked as `Pickup:Local stock only`. The affected versions: `>=3.14.56 <3.14.61`, `>=3.15.31 <3.15.37`, `>=3.16.27 <3.16.34`, `>=3.17.25 <3.17.32`, `>=3.18.19 <3.18.28`, `>=3.19.5 <3.19.15`. This issue has been patched in versions: `3.14.61`, `3.15.37`, `3.16.34`, `3.17.32`, `3.18.28`, `3.19.15`. ### Workaround We strongly recommend upgrading to the latest versions, in case of inability to upgrade straight away, possible workarounds a...