#git

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.

A new malware strain called ZenRAT has emerged in the wild that's distributed via bogus installation packages of the Bitwarden password manager. "The malware is specifically targeting Windows users and will redirect people using other hosts to a benign web page," enterprise security firm Proofpoint said in a technical report. "The malware is a modular remote access trojan (RAT) with information

### Impact An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted `endpointSelector` that uses the `DoesNotExist` operator on the `reserved:init` label, the attacker can create policies that bypass namespace restrictions and affect the entire Cilium cluster. This includes potentially allowing or denying all traffic. This attack requires API server access, as described in the [Kubernetes API Server Attacker](https://docs.cilium.io/en/stable/security/threat-model/#kubernetes-api-server-attacker) section of the Cilium Threat Model. ### Patches This issue was patched in https://github.com/cilium/cilium/pull/28007 This issue affects: - Cilium <= v1.14.1 - Cilium <= v1.13.6 - Cilium <= v1.12.13 This issue has been resolved in: - Cilium v1.14.2 - Cilium v1.13.7 - Cilium v1.12.14 ### Workarounds An adm...

### Impact In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with - `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) - `io.cilium.proxy-visibility` annotations (in Cilium <= v1.12) causes the Cilium agent to segfault on the node to which the workload is assigned. Existing traffic on the affected node will continue to flow, but the Cilium agent on the node will not able to process changes to workloads running on the node. This will also prevent workloads from being able to start on the affected node. The denial of service will be limited to the node on which the workload is scheduled, however an attacker may be able to schedule workloads on the node of their choosing, which could lead to targeted attacks. ### Patches [Pull request with fix](https://github.com/cilium/cilium/pull/27597) This issue affects: Cilium <= v1.14.1 Cilium <= v1.13.6 Cilium <= v1.12.13 This issue has been resolved in: Cilium v1.14.2 Cilium v1.13.7 C...

### Impact This vulnerability allows specially crafted requests to bypass authentication, affecting all SOCKS inbounds with user authentication. ### Patches Update to sing-box 1.4.5 or 1.5.0-rc.5 and later versions. ### Workarounds Don't expose the SOCKS5 inbound to insecure environments.

### Impact `_abi_decode()` does not validate input when it is nested in an expression. the following example gets correctly validated (bounds checked): ```vyper x: int128 = _abi_decode(slice(msg.data, 4, 32), int128) ``` however, the following example is not bounds checked ```vyper @external def abi_decode(x: uint256) -> uint256: a: uint256 = convert(_abi_decode(slice(msg.data, 4, 32), (uint8)), uint256) + 1 return a # abi_decode(256) returns: 257 ``` the issue can be triggered by constructing an example where the output of `_abi_decode` is not internally passed to `make_setter` (an internal codegen routine) or other input validating routine. ### Patches https://github.com/vyperlang/vyper/pull/3626 ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ ### References _Are there any links users can visit to find out more?_

### Impact Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. ### Patches https://github.com/matrix-org/synapse/pull/16327 ### Workarounds There is no workaround.

### Impact When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. ### Patches https://github.com/matrix-org/synapse/pull/16272 ### References This bug was due to a regression in https://github.com/matrix-org/synapse/pull/13188.

Egged on by a far-reaching conservative media ecosystem, right-wing hardliners are forcing Washington to bend to their reality as the federal government careens toward a possible shutdown.

Cybersecurity experts have shed light on a new cybercrime group known as ShadowSyndicate (formerly Infra Storm) that may have leveraged as many as seven different ransomware families over the past year. "ShadowSyndicate is a threat actor that works with various ransomware groups and affiliates of ransomware programs," Group-IB and Bridewell said in a new joint report. The actor, active since