Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

GHSA-px7w-c9gw-7gj3: Apache James server: Privilege escalation via JMX pre-authentication deserialization

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JMX endpoint is only bound locally. We recommend users to:  - Upgrade to a non-vulnerable Apache James version  - Run Apache James isolated from other processes (docker - dedicated virtual machine)  - If possible turn off JMX

ghsa
#mac#apache#git#java#auth#docker#maven
How to make a fake ID online, with Joseph Cox: Lock and Code S05E05

This week on the Lock and Code podcast, we speak with Joseph Cox about how an OnlyFake-generated fake ID fooled a cryptocurrency exchange.

Gentoo Linux Security Advisory 202402-32

Gentoo Linux Security Advisory 202402-32 - A vulnerability has been discovered in btrbk which can lead to remote code execution. Versions greater than or equal to 0.31.2 are affected.

Gentoo Linux Security Advisory 202402-31

Gentoo Linux Security Advisory 202402-31 - A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow. Versions greater than or equal to 0.60.8-r3 are affected.

Gentoo Linux Security Advisory 202402-30

Gentoo Linux Security Advisory 202402-30 - A vulnerability has been found in Glances which may lead to arbitrary code execution. Versions greater than or equal to 3.1.7 are affected.

Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Backdoor.Win32.AutoSpy.10 malware suffers from a remote command execution vulnerability.

How a Right-Wing Controversy Could Sabotage US Election Security

Republicans who run elections are split over whether to keep working with the Cybersecurity and Infrastructure Security Agency to fight hackers, online falsehoods, and polling-place threats.

ThreatHunter.ai Halts 100s of Attacks: Battling Ransomware & Nation-State Cyber Threats

By cyberwire Brea, California, February 26th, 2024, Cyberwire – The current large surge in cyber threats has left many organizations… This is a post from HackRead.com Read the original post: ThreatHunter.ai Halts 100s of Attacks: Battling Ransomware & Nation-State Cyber Threats

A Vending Machine Error Revealed Secret Face Recognition Tech

A student investigation at the University of Waterloo uncovered a system that scanned countless undergrads without consent.

Russian Ministry Software Backdoored with North Korean KONNI Malware

By Waqas Friend or Foe? This is a post from HackRead.com Read the original post: Russian Ministry Software Backdoored with North Korean KONNI Malware