
Tag

#mac

Lean, green coding machine: How sustainable computing drive can reduce attack surfaces

Less is often more when it comes to both infosec and eco-friendly computing practices

PortSwigger
Cyber Threats Increasingly Target Video Games

By Owais Sultan. According to Statista, today, a large number of people of all ages play video games; about 2.5 billion… This is a post from HackRead.com.

Critical Security Flaw Reported in Passwordstate Enterprise Password Manager

Multiple high-severity vulnerabilities have been disclosed in the Passwordstate password management solution that could be exploited by an unauthenticated remote adversary to obtain a user's plaintext passwords. "Successful exploitation allows an unauthenticated attacker to exfiltrate passwords from an instance, overwrite all stored passwords within the database, or elevate their privileges within

CVE-2022-41697: TALOS-2022-1625 || Cisco Talos Intelligence Group

A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.

The Different Ways to Mine Cryptocurrency

By Owais Sultan. When looking to mine cryptocurrency, you should always go for legal options, of which there are plenty. A… This is a post from HackRead.com.

GHSA-hjrf-2m68-5959: jsonwebtoken's insecure implementation of key retrieval function could lead to Forgeable Public/Private Tokens from RSA to HMAC

# Overview

Versions `<=8.5.1` of the `jsonwebtoken` library can be misconfigured so that passing a poorly implemented key retrieval function (referring to the `secretOrPublicKey` argument from the [readme link](https://github.com/auth0/node-jsonwebtoken#jwtverifytoken-secretorpublickey-options-callback)) will result in incorrect verification of tokens. There is a possibility of using a different algorithm and key combination in verification than the one that was used to sign the tokens. Specifically, tokens signed with an asymmetric public key could be verified with a symmetric HS256 algorithm. This can lead to successful validation of forged tokens.

# Am I affected?

You will be affected if your application supports both symmetric and asymmetric keys in its `jwt.verify()` implementation with the same key retrieval function.

# How do I fix it?

Update to version 9.0.0.

# Will the fix impact my users?

There is no impact for end users.

macOS/x64 Execve Caesar Cipher String Null-Free Shellcode

A 286-byte macOS/x64 execve Caesar cipher string null-free shellcode.

macOS/x64 Execve Null-Free Shellcode

A 253-byte macOS/x64 execve null-free shellcode.

Apple Security Advisory 2022-12-13-9

Apple Security Advisory 2022-12-13-9 - Safari 16.2 addresses bypass, code execution, and use-after-free vulnerabilities.

Apple Security Advisory 2022-12-13-6

Apple Security Advisory 2022-12-13-6 - macOS Big Sur 11.7.2 addresses bypass, code execution, and integer overflow vulnerabilities.