#ssl

By Waqas Bot attacks rose by 41% in H1 2021, with the financial services and media industries facing the highest proportion… This is a post from HackRead.com Read the original post: Rising Bot Attacks – Why is Your Organization Struggling to Deal with Them?

By Waqas Two Factor Authentication via Physical Security Keys is Now Possible on ProtonMail. This is a post from HackRead.com Read the original post: Encrypted Email Service ProtonMail Now Supports Physical Security Keys

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the "Access Token Management" admin function.

.

Enterprises seeking asset visibility and security enabled to simplify the procurement process of Armis.

At Next '22, Google Cloud announces updates to its trusted cloud ecosystem with new Sovereign Solutions initiative and partnerships spanning critical areas of cybersecurity.

Istio is an open platform-independent service mesh that provides traffic management, policy enforcement, and telemetry collection. Prior to versions 1.15.2, 1.14.5, and 1.13.9, the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted or oversized message which results in the control plane crashing when the Kubernetes validating or mutating webhook service is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially external istiod topologies, this port is exposed over the public internet. Versions 1.15.2, 1.14.5, and 1.13.9 contain patches for this issue. There are no effective workarounds, beyond upgrading. This bug is due to an error in `regexp.Compile` in Go.

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.

ClipperCMS 1.3.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the rss_url_news parameter at /manager/index.php.

SAS and Neterium partnered to deliver Neterium’s next-gen screening capabilities on SAS’ analytics platform.