Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Penetration Testing Services: Strengthening Cybersecurity Against Evolving Threats

Cybersecurity threats are evolving at an unprecedented pace, leaving organizations vulnerable to large-scale attacks. Security breaches and data…

HackRead
Open in Source
#sql#xss#vulnerability#web#ios#android#google#aws#auth
SignalGate Isn’t About Signal

The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.

GHSA-rv78-qqrq-73m5: Directus's S3 assets become unavailable after a burst of HEAD requests

### Summary There's some tools that use Directus to sync content and assets. Some of those tools use HEAD method, like Shopify, to check the existence of files. Although, when making many HEAD requests at once, at some point, all assets are being served as 403. ### Details When I was investigating this issue, I have found that after the burst of HEAD requests, the amount of `sockets` held on [Agent on NodeHttpHandler](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/node-http-handler/src/node-http-handler.ts#L189) was always equal to [`STORAGE_CLOUD_MAX_SOCKETS`](https://github.com/directus/directus/blob/main/packages/storage-driver-s3/src/index.ts#L89) making it impossible to have new connections causing assets to be inaccessible. After looking into this [issue on AWS SDK](https://github.com/aws/aws-sdk-js-v3/issues/6691) I found that if the [stream is requested](https://github.com/directus/directus/blob/main/api/src/services/assets.ts#L213), it needs to be consum...

GHSA-j8xj-7jff-46mx: Directus's S3 assets become unavailable after a burst of malformed transformations

### Summary When making many malformed transformation requests at once, at some point, all assets are being served as 403. ### Details When I was investigating this issue, I have found that after a burst of malformed asset transformation requests, the amount of `sockets` held on [Agent on NodeHttpHandler](https://github.com/smithy-lang/smithy-typescript/blob/main/packages/node-http-handler/src/node-http-handler.ts#L189) was always equal to [`STORAGE_CLOUD_MAX_SOCKETS`](https://github.com/directus/directus/blob/main/packages/storage-driver-s3/src/index.ts#L89) making it impossible to have new connections causing assets to be inaccessible. After looking into this [issue on AWS SDK](https://github.com/aws/aws-sdk-js-v3/issues/6691) I found that if the [stream is requested](https://github.com/directus/directus/blob/main/api/src/services/assets.ts#L213), it needs to be consumed otherwise will hang forever. And as can be [seen here](https://github.com/directus/directus/blob/main/api/src/se...

Oops! Google accidentally deletes some users’ Maps Timeline data

Google has admitted it accidentally deleted some Maps Timeline user data after what it calls a "technical issue".

How to Enter the US With Your Digital Privacy Intact

Crossing into the United States has become increasingly dangerous for digital privacy. Here are a few steps you can take to minimize the risk of Customs and Border Protection accessing your data.

How to Delete Duplicate Photos on iPhone to Save Storage

Learn the easiest way to delete duplicate photos on your iPhone device with our simple, step-by-step guide.

Ansible vs Terraform: Which is More Secure for Infrastructure Automation?

Gartner describes infrastructure as code (IaC) as a key way to unlock the potential of the cloud. However,…

Why AI Systems Need Red Teaming Now More Than Ever

AI systems are becoming a huge part of our lives, but they are not perfect. Red teaming helps…