Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Google's AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,"

The Hacker News
#vulnerability#google#ssl#The Hacker News
Ubuntu Security Notice USN-7123-1

Ubuntu Security Notice 7123-1 - It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-7119-1

Ubuntu Security Notice 7119-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

Malicious QR Codes: How big of a problem is it, really?

QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption.

Linux Variant of Helldown Ransomware Targets VMware ESXi Systems

Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more.

Russian Ransomware Gangs on the Hunt for Pen Testers

In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations.

Ubuntu Security Notice USN-7104-1

Ubuntu Security Notice 7104-1 - It was discovered that curl could overwrite the HSTS expiry of the parent domain with the subdomain's HSTS entry. This could lead to curl switching back to insecure HTTP earlier than otherwise intended, resulting in information exposure.

We Can Do Better Than Free Credit Monitoring After a Breach

Individual companies and entire industries alike must take responsibility for protecting customer data — and doing the right thing when they fail.

Free AI editor lures in victims, installs information stealer instead on Windows and Mac

A widespread social media campaign for EditProAI turns out to spread information stealers for both Windows and MacOS users.

Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover

A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on an affected website, including the administrator, when 2FA is enabled.