Security
Headlines
HeadlinesLatestCVEs

Tag

#git

DarkGate Operator Uses Skype, Teams Messages to Distribute Malware

A plurality of the targets in the ongoing campaign have been based in the Americas.

DARKReading
Open in Source
#windows#microsoft#git#pdf#auth
Brands Beware: X's New Badge System Is a Ripe Cyber-Target

Scammers have targeted the vaunted blue check marks on the platform formerly known as Twitter, smearing individuals and brands alike.

GHSA-rm7j-f5g5-27vv: Denial of Service in JSON-Java

Denial of Service in JSON-Java versions prior to 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 

CVE-2023-43149: GitHub - MinoTauro2020/CVE-2023-43149: CVE-2023-43149

SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.

LinkedIn Phishing Scam Exploits Smart Links to Steal Microsoft Accounts

By Deeba Ahmed LinkedIn and Microsoft users, watch out for this phishing scam! This is a post from HackRead.com Read the original post: LinkedIn Phishing Scam Exploits Smart Links to Steal Microsoft Accounts

CVE-2023-45142: opentelemetry-go-contrib/instrumentation/net/http/otelhttp/handler.go at 5f7e6ad5a49b45df45f61a1deb29d7f1158032df · open-telemetry/opentelemetry-go-contrib

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requir...

CVE-2023-25774: TALOS-2023-1743 || Cisco Talos Intelligence Group

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.

CVE-2023-32275: TALOS-2023-1753 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.

CVE-2023-32634: TALOS-2023-1755 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.