Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Internet Archive Slowly Revives After DDoS Barrage

Days after facing a major breach, the site is still struggling to get fully back on its feet.

DARKReading
Open in Source
#vulnerability#web#mac#ddos#dos#git
What I’ve learned in my first 7-ish years in cybersecurity

Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.

GHSA-crmj-qh74-2r36: Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder

### Impact A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28 are _not_ affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. ### Patches The bug is fixed in version v0.28.2. ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security. ### Credit This bug was found by [OSS-Fuzz](https://github.com/google/oss-fuzz).

GHSA-g9xm-7538-mq8w: Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder

### Impact An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0 (see https://github.com/Exiv2/exiv2/pull/2337), so Exiv2 versions before v0.28 are _not_ affected. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. ### Patches The bug is fixed in version v0.28.2. ### For more information Please see our [security policy](https://github.com/Exiv2/exiv2/security/policy) for information about Exiv2 security. ### Credit This bug was found by [OSS-Fuzz](https://github.com/google/oss-fuzz).

4 Ways to Address Zero-Days in AI/ML Security

As the unique challenges of AI zero-days emerge, the approach to managing the accompanying risks needs to follow traditional security best practices but be adapted for AI.

ClickFix Attack: Fake Google Meet Alerts Install Malware on Windows, macOS

Protect yourself from the ClickFix attack! Learn how cybercriminals are using fake Google Meet pages to trick users…

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. One of the brothers is facing life in prison for allegedly seeking to kill people with his attacks.

Is a CPO Still a CPO? The Evolving Role of Privacy Leadership

Has the role of chief privacy officer become something more than it was? And is it still a role that just one person can handle?

23andMe will retain your genetic information, even if you delete the account

Sure, you can request a deletion of your data from 23andMe, but that doesn’t mean the company will delete it entirely.

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura.  Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities.  UAT-5647 is also known