Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-32675: nonpayable default functions can sometimes be sent ether with calldatasize<4

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.

CVE
Open in Source
#mac
Apple Patches 3 Zero-Days Possibly Already Exploited

In an advisory released by the company, Apple revealed patches for three previously unknown bugs it says may already have been used by attackers.

Data Siloes: Overcoming the Greatest Challenge in SecOps

It's not lack of data that's the problem, but the inability to piece it together to truly understand and reduce risk.

CVE-2022-30114: Fastweb FastGate ‘cmproxy’ buffer overflow (CVE-2022-30114)

A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS.

Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware

Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke

WebKit Under Attack: Apple Issues Emergency Patches for 3 New Zero-Day Vulnerabilities

Apple on Thursday rolled out security updates to iOS, iPadOS, macOS, tvOS, watchOS, and the Safari web browser to address three new zero-day flaws that it said are being actively exploited in the wild. The three security shortcomings are listed below - CVE-2023-32409 - A WebKit flaw that could be exploited by a malicious actor to break out of the Web Content sandbox. It was addressed with

Enterprises Rely on Multicloud Security to Protect Cloud Workloads

As enterprises adopt multicloud, the security picture has become foggy. Cloud workload protection platforms and distributed firewalls are creating clarity.

KeePass Vulnerability Imperils Master Passwords

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.

Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict

Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.

It’s really OK to take a break sometimes, especially in security

The work is always going to be there, whether you take a day or a week off. Unfortunately, the cybersecurity community at large is not going to stop cybercrime overnight.