Security
Headlines
HeadlinesLatestCVEs

Tag

#google

'GhostToken' Opens Google Accounts to Permanent Infection

A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.

DARKReading
#vulnerability#web#google#git#oauth#auth#sap
New Policy Group Wants to Improve Cybersecurity Disclosure, Support Researchers

The new Security Legal Research Fund and Hacking Policy Council are aimed at protecting "good faith" security researchers from legal threats and giving them a voice in policy discussions.

OpenSSF Adds Software Supply Chain Tracks to SLSA Framework

The Open Source Security Foundation's SLSA v1.0 release is an important milestone in improving software supply chain security and providing organizations with the tools they need to protect their software.

3CX Supply Chain Attack Tied to Financial Trading App Breach

Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.

CVE-2023-27351: APRIL 19 UPDATE | PaperCut MF/NG vulnerability bulletin (March 2023)

This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.

Ubuntu Security Notice USN-6029-1

Ubuntu Security Notice 6029-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the infrared transceiver USB driver did not properly handle USB control messages. A local attacker with physical access could plug in a specially crafted USB device to cause a denial of service.

Lilac-Reloaded For Nagios 2.0.8 Remote Code Execution

Lilac-Reloaded for Nagios version 2.0.l8 remote code execution exploit.

Ubuntu Security Notice USN-6027-1

Ubuntu Security Notice 6027-1 - It was discovered that the Traffic-Control Index implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jiasheng Jiang discovered that the HSA Linux kernel driver for AMD Radeon GPU devices did not properly validate memory allocation in certain situations, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.