#mac

An update for rh-python38-python is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2015-20107: python(mailcap): findmatch() function does not sanitise the second argument * CVE-2020-10735: python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS * CVE-2021-28861: python: an open redirection vulnerability in lib/http/server.py may lead to information disclosure

The Windows KDC allows an interposing attacker to downgrade to RC4 MD4 encryption in compromising the user's TGT session key resulting in escalation of privilege.

A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)

A former U.S. National Security Agency (NSA) employee has been arrested on charges of attempting to sell classified information to a foreign spy, who was actually an undercover agent working for the Federal Bureau of Investigation (FBI). Jareh Sebastian Dalke, 30, was employed at the NSA for less than a month from June 6, 2022, to July 1, 2022, serving as an Information Systems Security Designer

Categories: News The most important and interesting computer security stories from the last week. (Read more...) The post A week in security (September 26 – October 2) appeared first on Malwarebytes Labs.

By Owais Sultan Patience is no longer a virtue when talking about website or app performance. Users get frustrated after waiting for… This is a post from HackRead.com Read the original post: MySQL Performance Tuning: Top 5 Tips for Blazing Fast Queries

By Waqas The hacker group is called ZINC, and its primary targets are organizations in the aerospace, media, IT services, and defense sectors. This is a post from HackRead.com Read the original post: NK Hackers Lacing Legit Software with Malware

By Deeba Ahmed Most devices infected by Chaos malware are located in Europe, particularly Italy but infections were also observed in Asia Pacific, South America, and North America. This is a post from HackRead.com Read the original post: New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices