Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

Fortinet Addresses Unpatched Critical RCE Vector

Fortinet has patched CVE-2023-34990 in its Wireless LAN Manager (FortiWLM), which combined with CVE-2023-48782 could allow for unauthenticated remote code execution (RCE) and the ability to read all log files.

DARKReading
#vulnerability#web#rce#auth#sap
GHSA-5pf6-cq2v-23ww: WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service

### Summary A Denial of Service (DoS) vulnerability in the authentication middleware allows any client to cause memory exhaustion by sending large request bodies. The server reads the entire request body into memory without size limits, creating multiple copies during processing, which can lead to Out of Memory conditions. Affects all versions up to the latest one (v0.43.0). ### Details The vulnerability exists in the AuthMiddleware function in `core/src/auth/auth.go`. The middleware processes all API requests (`/api/*`) and reads the entire request body using `io.ReadAll` without any size limits: ```go func AuthMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r http.Request) { // No size limit on body reading body, err := io.ReadAll(r.Body) // ... // Creates another copy of the body r.Body = io.NopCloser(bytes.NewReader(body)) // ... // Unmarshals the body again, creating more copies if err := j...

Biggest Crypto Scam Tactics in 2024 and How to Avoid Them

Stay alert to crypto scams with our guide to 2024’s top threats, including phishing, malware, Ponzi schemes, and…

Meta Fined €251 Million for 2018 Data Breach Impacting 29 Million Accounts

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million

Thai Police Systems Under Fire From 'Yokai' Backdoor

Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.

Drug Dealers Have Moved Onto Social Media

The marketing of illegal drugs on open platforms is “gaining prominence,” authorities note, while the number of drug transactions on the darkweb has decreased in recent years.

GHSA-8wcc-m6j2-qxvm: ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion

## Summary ### ASA-2024-0012 Name: ASA-2024-0012, Transaction decoding may result in a stack overflow Component: Cosmos SDK Criticality: High (Considerable Impact, and Possible Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md)) Affected versions: cosmos-sdk versions <= v0.50.10, <= v0.47.14 Affected users: Chain Builders + Maintainers, Validators, node operators ### ASA-2024-0013 Name: ASA-2024-0013: CosmosSDK: Transaction decoding may result in resource exhaustion Component: Cosmos SDK Criticality: High (Considerable Impact, and Possible Likelihood per [ACMv1.2](https://github.com/interchainio/security/blob/main/resources/CLASSIFICATION_MATRIX.md)) Affected versions: cosmos-sdk versions <= v0.50.10, <= v0.47.14 Affected users: Chain Builders + Maintainers, Validators, node operators ### Impact ### ASA-2024-0012 When decoding a maliciously formed packet with a deeply-nested structure, it may be possible for a stac...

The Education Industry: Why Its Data Must Be Protected

The sector must prioritize comprehensive data protection strategies to safeguard PII in an aggressive threat environment.

Task scams surge by 400%, but what are they?

Task scams are a new type of scams where victims are slowly tricked into paying to get paid for repetitive simple tasks

The Simple Math Behind Public Key Cryptography

The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure.