Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-45781: Tenda AX1803 Buffer Overflow vulnerability . - XFALLEN

Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName.

CVE
Open in Source
#vulnerability#web#mac#windows#apple#buffer_overflow#auth#chrome#webkit#wifi
CVE-2023-47640: Insecure Use of HMAC-SHA1 For Session Signing

DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10 byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are af...

CVE-2023-47384: Memory Leak in gf_isom_add_chapter isomedia/isom_write.c:3182 · Issue #2672 · gpac/gpac

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.

Microsoft discloses only three critical vulnerabilities in November’s Patch Tuesday update, three other zero-days

In all, this set of vulnerabilities Microsoft patched includes 57 vulnerabilities, 54 of which are considered “important.”

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. It

CVE-2023-36400

Windows HMAC Key Derivation Elevation of Privilege Vulnerability

Pro-Palestinian TA402 APT Using IronWind Malware in New Attack

By Deeba Ahmed As per cybersecurity researchers at Proofpoint, the APT group TA402 operates in support of Palestinian espionage objectives, with a primary focus on intelligence collection. This is a post from HackRead.com Read the original post: Pro-Palestinian TA402 APT Using IronWind Malware in New Attack

Here’s the Proof There’s No Government Alien Conspiracy Around Roswell

Roswell, New Mexico, remains synonymous with the “discovery” of alien life on Earth—and a US government coverup. But history shows the reality may be far less out of this world—and still fascinating.

Credit card skimming on the rise for the holiday shopping season

We've seen a particular card skimming campaign really pick up pace lately. With hundreds of stores compromised, you may come across it if you shop online this holiday season.

Video Chat Website Omegle Permanently Shuts Down

By Waqas Omegle was founded on March 25, 2009. This is a post from HackRead.com Read the original post: Video Chat Website Omegle Permanently Shuts Down