Tag
#mac
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JMX endpoint is only bound locally. We recommend users to: - Upgrade to a non-vulnerable Apache James version - Run Apache James isolated from other processes (docker - dedicated virtual machine) - If possible turn off JMX
This week on the Lock and Code podcast, we speak with Joseph Cox about how an OnlyFake-generated fake ID fooled a cryptocurrency exchange.
Gentoo Linux Security Advisory 202402-32 - A vulnerability has been discovered in btrbk which can lead to remote code execution. Versions greater than or equal to 0.31.2 are affected.
Gentoo Linux Security Advisory 202402-31 - A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow. Versions greater than or equal to 0.60.8-r3 are affected.
Gentoo Linux Security Advisory 202402-30 - A vulnerability has been found in Glances which may lead to arbitrary code execution. Versions greater than or equal to 3.1.7 are affected.
Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.
Republicans who run elections are split over whether to keep working with the Cybersecurity and Infrastructure Security Agency to fight hackers, online falsehoods, and polling-place threats.
By cyberwire Brea, California, February 26th, 2024, Cyberwire – The current large surge in cyber threats has left many organizations… This is a post from HackRead.com Read the original post: ThreatHunter.ai Halts 100s of Attacks: Battling Ransomware & Nation-State Cyber Threats
A student investigation at the University of Waterloo uncovered a system that scanned countless undergrads without consent.