Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

GHSA-38jr-29fh-w9vm: ansys-geometry-core OS Command Injection vulnerability

subprocess call with shell=True identified, security issue. #### Code On file [src/ansys/geometry/core/connection/product_instance.py](https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428): ``` 403 def _start_program(args: List[str], local_env: Dict[str, str]) -> subprocess.Popen: 404 """ 405 Start the program where the path is the first item of the ``args`` array argument. 406 407 Parameters 408 ---------- 409 args : List[str] 410 List of arguments to be passed to the program. The first list's item shall 411 be the program path. 412 local_env : Dict[str,str] 413 Environment variables to be passed to the program. 414 415 Returns 416 ------- 417 subprocess.Popen 418 The subprocess object. 419 """ 420 return subprocess.Popen( 421 args, 422 shell=os.name != "nt", 423 stdin=subprocess.DEVN...

ghsa
Open in Source
#vulnerability#mac#git
Chinese Hackers Charged in Decade-Long Global Spying Rampage

US and UK officials hit Chinese hacking group APT31 with sanctions and criminal charges after they targeted thousands of businesses, politicians, and critics of China.

Securing your home network is long, tiresome, and entirely worth it, with Carey Parker: Lock and Code S05E07

This week on the Lock and Code podcast, we speak with Carey Parker about the importance and the process of securing your home network.

3 important lessons from a devastating ransomware attack

Three things you could learn from the cyber incident review produced by the British Library following its October ransomware attack.

New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location

By Deeba Ahmed New Dark Web Tool GEOBOX, sold for $700 on Telegram and underground forums, hijacks Raspberry Pi, allowing cybercriminals to fake locations and evade detection. This is a post from HackRead.com Read the original post: New GEOBOX Tool Hijacks Raspberry Pi, Lets Hackers Fake Location

Apple Chip Flaw Leaks Secret Encryption Keys

Plus: The Biden administration warns of nationwide attacks on US water systems, a new Russian wiper malware emerges, and China-linked hackers wage a global attack spree.

New Go loader pushes Rhadamanthys stealer

A malicious ad for the popular admin tool PuTTY leads victims to a fake site that downloads malware.

Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The nonprofit organization that supports the Firefox web browser said today it is winding down its new partnership with Onerep, an identity protection service recently bundled with Firefox that offers to remove users from hundreds of people-search sites. The move comes just days after a report by KrebsOnSecurity forced Onerep's CEO to admit that he has founded dozens of people-search networks over the years.

Win32.STOP.Ransomware (Smokeloader) MVID-2024-0676 Remote Code Execution

Win32.STOP.Ransomware (smokeloader) malware suffers from both local and remote code execution vulnerabilities. The remote code execution can be achieved by leveraging a man-in-the-middle attack.

Task Management System 1.0 SQL Injection

Task Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.