Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2022-2576: 580018 – Denial-of-Service vulnerability in the DTLS stack

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.

CVE
Open in Source
#vulnerability#mac#ddos#dos#git#java#perl#auth#maven#ssl
Dingtian-DT-R002 3.1.276A Authentication Bypass

Dingtian-DT-R002 version 3.1.276A suffers from an authentication bypass vulnerability.

Malicious npm Packages Scarf Up Discord Tokens, Credit Card Info

The campaign uses four malicious packages to spread "Volt Stealer" and "Lofy Stealer" malware in the open source npm software package repository.

Over a Dozen Android Apps on Google Play Store Caught Dropping Banking Malware

A malicious campaign leveraged seemingly innocuous Android dropper apps on the Google Play Store to compromise users' devices with banking malware. These 17 dropper apps, collectively dubbed DawDropper by Trend Micro, masqueraded as productivity and utility apps such as document scanners, QR code readers, VPN services, and call recorders, among others. All these apps in question have been

How to Combat the Biggest Security Risks Posed by Machine Identities

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity

Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network

The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the attack campaigns, said it identified no less than 3,000 emails containing IPFS phishing URLs as an attack vector in the last three months. IPFS, short for InterPlanetary File System, is a

CVE-2022-1799: Release Notes  |  Google Play services  |  Google Developers

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.

Telegram and Discord Bots Delivering Infostealing Malware

By Deeba Ahmed Intel471 researchers have warned users about how cybercriminals are converting popular apps against them. A new report from… This is a post from HackRead.com Read the original post: Telegram and Discord Bots Delivering Infostealing Malware

CVE-2022-34555: Vuln/TL-R473G/command_execution_0 at master · skyedai910/Vuln

TP-LINK TL-R473G 2.0.1 Build 220529 Rel.65574n was discovered to contain a remote code execution vulnerability which is exploited via a crafted packet.