Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

The Risk of Stateful Anti-Patterns in Enterprise Internet Architecture

Excessive statefulness hurts the ability to scale networks, applications, and ancillary supporting infrastructure, thus affecting an entire service delivery chain's ability to withstand a DDoS attack.

DARKReading
Open in Source
#web#ddos#dos#git#intel#botnet#auth#ssl
New Research Report Predicts Blockchain and Quantum Threat Will Quickly Spread Beyond Cybercurrencies; Surge in New Product and Services Opportunities to Come

Research report identifies the challenges as well as the opportunities for new products and services that arise from the threat that quantum computers pose to the "blockchain" mechanism.

pfSense pfBlockerNG 2.1.4_26 Shell Upload

This Metasploit module leverages a remote shell upload vulnerability in pfSense pfBlockerNG plugin versions 2.1.4_26 and below. Note that version 3.x is unaffected.

6 Best Ways to Make a Collaborative PowerPoint Presentation

By Owais Sultan Among the several online presentation-making platforms, Microsoft PowerPoint is the first choice of professionals. The platform allows you… This is a post from HackRead.com Read the original post: 6 Best Ways to Make a Collaborative PowerPoint Presentation

CVE-2022-42961: Release wolfSSL Release 5.5.0 (Aug 30, 2022) · wolfSSL/wolfssl

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.)

CVE-2017-20149: GitHub - BigNerd95/Chimay-Red: Working POC of Mikrotik exploit from Vault 7 CIA Leaks

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

Rising Bot Attacks – Why is Your Organization Struggling to Deal with Them?

By Waqas Bot attacks rose by 41% in H1 2021, with the financial services and media industries facing the highest proportion… This is a post from HackRead.com Read the original post: Rising Bot Attacks – Why is Your Organization Struggling to Deal with Them?

Encrypted Email Service ProtonMail Now Supports Physical Security Keys

By Waqas Two Factor Authentication via Physical Security Keys is Now Possible on ProtonMail. This is a post from HackRead.com Read the original post: Encrypted Email Service ProtonMail Now Supports Physical Security Keys

CVE-2022-39308: Releases - Version notes | GoCD

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the "Access Token Management" admin function.