### Impact

If a user should not be able to see a record, but that record can be added to a `GridField` using the `GridFieldAddExistingAutocompleter` component, the record's title can still be read by that user through the autocompleter.

### References

- https://www.silverstripe.org/download/security-releases/CVE-2023-48714
Cracked software has been observed infecting Apple macOS users with a previously undocumented stealer malware capable of harvesting system information and cryptocurrency wallet data. Kaspersky, which identified the artifacts in the wild, said they are designed to target machines running macOS Ventura 13.6 and later, indicating the malware's ability to infect Macs on both Intel and
TeamViewer Exploited to Obtain Remote Access, Deploy Ransomware (HackRead.com, by Deeba Ahmed). TeamViewer has been identified as the access point in two separate ransomware attacks targeting different companies.
python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. By calling the `ecdsa.SigningKey.sign_digest()` API function and timing the signatures, an attacker can leak the internal nonce, which may allow for private key discovery. The leak is the nonce's bit length: a nonce with leading zero bits takes measurably less time to multiply, and collecting enough signatures with such nonces lets the attacker recover the key with a lattice (hidden number problem) attack. ECDSA signing, key generation, and ECDH operations are all affected; ECDSA signature verification is unaffected. The python-ecdsa project considers side-channel attacks out of scope for the project, and there is no planned fix.
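The two facts the advisory rests on, as an added example that is not python-ecdsa's code: a naive double-and-add scalar multiplication does work proportional to the bit length of the nonce k (the timing side channel), and once k is known a single signature yields the private key algebraically. The curve arithmetic, key, digest and nonces below are constructed for illustration; the lattice phase that turns many "short nonce" signatures into k is not shown.

```python
import hashlib

# NIST P-256 domain parameters (public constants).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)


def point_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity.
    pow(x, -1, P) (modular inverse) needs Python 3.8+."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Naive left-to-right double-and-add. Returns (k*point, doublings).
    The loop runs once per bit of k, so a nonce with leading zero bits
    finishes early: that bit-length dependence is the Minerva leak."""
    result, doublings = None, 0
    for i in range(k.bit_length() - 1, -1, -1):
        if result is not None:
            result = point_add(result, result)
            doublings += 1
        if (k >> i) & 1:
            result = point_add(result, point)
    return result, doublings


def sign(d, h, k):
    """Textbook ECDSA with an explicit nonce k (the value a real
    sign_digest() draws internally and must keep secret)."""
    r = scalar_mult(k, G)[0][0] % N
    s = pow(k, -1, N) * (h + r * d) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate nonce, pick another k")
    return r, s


def verify(pub, h, sig):
    """Standard ECDSA verification; unaffected by the leak, as the advisory says."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    u1, u2 = h * w % N, r * w % N
    x = point_add(scalar_mult(u1, G)[0], scalar_mult(u2, pub)[0])
    return x is not None and x[0] % N == r


def recover_private_key(sig, h, k):
    """From s = k^-1 (h + r d): d = (s k - h) r^-1 mod N.
    A single signature plus its nonce gives the key outright."""
    r, s = sig
    return (s * k - h) * pow(r, -1, N) % N


# Constructed fixture: arbitrary private key, digest and two nonces
# that differ only in leading zero bits (256 bits vs 224 bits).
PRIV = 0x1d4c7a7c8e6b2d1f0a9e3c5b7d9f1a3c5e7b9d1f3a5c7e9b1d3f5a7c9e1b3d5f
PUB = scalar_mult(PRIV, G)[0]
DIGEST = int.from_bytes(hashlib.sha256(b"constructed message").digest(), "big")
FULL_NONCE = int("a5" * 32, 16)      # bit_length 256
SHORT_NONCE = FULL_NONCE >> 32       # bit_length 224: 32 fewer doublings


if __name__ == "__main__":
    sig = sign(PRIV, DIGEST, FULL_NONCE)
    print("verifies:", verify(PUB, DIGEST, sig))
    print("doublings, full nonce :", scalar_mult(FULL_NONCE, G)[1])
    print("doublings, short nonce:", scalar_mult(SHORT_NONCE, G)[1])
    print("recovered == PRIV:", recover_private_key(sig, DIGEST, FULL_NONCE) == PRIV)
```

In the real attack the nonce is never observed directly: the attacker times many `sign_digest()` calls, keeps the fastest signatures (those whose nonces had leading zero bits), and feeds the (r, s, h) triples with a bound on k into a hidden number problem lattice; `recover_private_key` is only the final algebraic step. The defence is a scalar multiplication whose iteration count does not depend on k (a fixed-length Montgomery ladder, for example), which is exactly what the project says it will not add.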
### Impact

When `tuitse_html` is used without quoting its input, there is an HTML injection vulnerability: the output is built with `str.format()`, which copies user-controlled text into the markup verbatim. It should use Django's `django.utils.html.format_html`, which escapes every argument, instead of `str.format()`.

### Patches

Upgrade to version 1.3.2.

### Workarounds

Sanitize Taigi input with HTML quoting before passing it to `tuitse_html`.

### References

https://github.com/i3thuan5/TuiTse-TsuSin/pull/22
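The defect and the fix side by side, as an added example that is not TuiTse-TsuSin's code: the project's real template and argument names are not on the page, so `TEMPLATE`, `render_vulnerable`, `render_fixed` and the sample pairs are hypothetical. `format_html` below is a standard-library stand-in that mirrors what Django's `django.utils.html.format_html` does (escape each argument, trust the template); in a Django project use the real one, whose `conditional_escape` additionally honours `SafeString`.

```python
import html

# Constructed sample input: (Hanzi, Lomaji) pairs such as a Taigi text tool
# might render. The second pair carries injected markup and a stray attribute.
SAMPLE_PAIRS = [
    ("我", "guá"),
    ("<script>alert(1)</script>", 'oo" onmouseover="alert(2)'),
]

# Hypothetical template in the shape the advisory describes: positional
# placeholders filled with user-controlled text.
TEMPLATE = "<ruby>{}<rt>{}</rt></ruby>"


def render_vulnerable(pairs):
    """The advisory's bug: str.format() inserts each argument unescaped."""
    return "".join(TEMPLATE.format(hanzi, lomaji) for hanzi, lomaji in pairs)


def format_html(template, *args, **kwargs):
    """Stand-in for django.utils.html.format_html: the template is trusted,
    every argument is HTML-escaped (quote=True also escapes " and ')."""
    esc = lambda v: html.escape(str(v), quote=True)
    return template.format(*(esc(a) for a in args),
                           **{k: esc(v) for k, v in kwargs.items()})


def render_fixed(pairs):
    """The fix: same template, arguments escaped before insertion."""
    return "".join(format_html(TEMPLATE, hanzi, lomaji) for hanzi, lomaji in pairs)


def is_injected(rendered):
    """Crude detector for the test: does a raw <script> tag or the
    smuggled event-handler attribute survive into the output?"""
    return "<script>" in rendered or 'onmouseover="' in rendered


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(SAMPLE_PAIRS))
    print("fixed     :", render_fixed(SAMPLE_PAIRS))
```

Note that escaping happens per argument, not on the finished string: escaping the whole output afterwards would also neutralise the `<ruby>` markup the function is supposed to emit, which is why `format_html` (and the advisory's workaround of quoting the input) is the right shape of fix.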
Trezor Data Breach Exposes Email and Names of 66,000 Users (HackRead.com, by Waqas). The latest Trezor data breach places users at risk of phishing scams, potentially leading to the theft of additional login credentials.
Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.
The Fake Fix: New Chae$ 4.1 Malware Hides in Driver Downloads (HackRead.com, by Deeba Ahmed). The latest Chae$ 4.1 sends a direct message to the cybersecurity researchers at Morphisec within its source code.
Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity
Several public and popular libraries abandoned but still used in Java and Android applications have been found susceptible to a new software supply chain attack method called MavenGate. "Access to projects can be hijacked through domain name purchases and since most default build configurations are vulnerable, it would be difficult or even impossible to know whether an attack was being performed