Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Australia Is Scouring the Earth for Cybercriminals — the US Should Too

It's time to get ahead of attacks before they even happen.

DARKReading
#web#intel#perl#auth
It Takes AI Security to Fight AI Cyberattacks

New threats from generative AI demand a generative AI security response.

Ubuntu Security Notice USN-6001-1

Ubuntu Security Notice 6001-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice USN-6000-1

Ubuntu Security Notice 6000-1 - It was discovered that the Upper Level Protocol subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the NVMe driver in the Linux kernel did not properly handle reset events in some situations. A local attacker could use this to cause a denial of service.

The Dangerous Weak Link in the US Food Chain

Without an information sharing and analysis center, the country’s food and agriculture sector is uniquely vulnerable to hackers.

CVE-2023-1802: Docker Desktop release notes

In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.

BlackBerry Introduces Integrated Solution to Assure Secure Bi-Directional Response Communications During Cyber Incidents

BlackBerry integrates award-winning CylanceGUARD and BlackBerry AtHoc technologies for "combat-ready" cyber event continuity planning and response.

CVE-2023-1582: Re: [stable-5.15 PATCH] fs/proc: task_mmu.c: don't read mapcount for migration entry

A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.

AppSec Looms Large for RSAC 2023 Innovation Sandbox Finalists

Application security is the dominant trend for this year's startup contest, but AI, blockchain, and compliance are all represented as well.

CVE-2022-4939: WCFM Membership <= 2.10.0 - Unauthenticated Privilege Escalation — Wordfence Intelligence

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator.