Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Fake Antivirus Sites Spread Malware Disguised as Avast, Malwarebytes, Bitdefender

By Deeba Ahmed Trellix research exposes the dangers of fake antivirus websites disguised as legitimate security software but harbouring malware. Learn… This is a post from HackRead.com Read the original post: Fake Antivirus Sites Spread Malware Disguised as Avast, Malwarebytes, Bitdefender

HackRead
#web#ios#android#mac#google#git#backdoor#ssl
Essential Features of Cybersecurity Management Software for MSPs

By Uzair Amir Protect your clients’ businesses from cyber threats with Cybersecurity Management Software. Explore the unified control panel, real-time threat… This is a post from HackRead.com Read the original post: Essential Features of Cybersecurity Management Software for MSPs

4BRO Insecure Direct Object Reference / API Information Exposure

4BRO versions prior to 2024-04-17 suffer from insecure direct object reference and API information disclosure vulnerabilities.

Red Hat Security Advisory 2024-3352-03

Red Hat Security Advisory 2024-3352-03 - An update for etcd is now available for Red Hat OpenStack Platform 16.2. Issues addressed include a denial of service vulnerability.

GHSA-87pf-7x99-5xc4: Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers

In it's default configuration, SilverStripe trusts all originating IPs to include HTTP headers for Hostname, IP and Protocol. This enables reverse proxies to forward requests while still retaining the original request information. Trusted IPs can be limited via the SS_TRUSTED_PROXY_IPS constant. Even with this restriction in place, SilverStripe trusts a variety of HTTP headers due to different proxy notations (e.g. X-Forwarded-For vs. Client-IP). Unless a proxy explicitly unsets invalid HTTP headers from connecting clients, this can lead to spoofing requests being passed through trusted proxies. The impact of spoofed headers can include Director::forceSSL() not being enforced, SS_HTTPRequest->getIP() returning a wrong IP (disabling any IP restrictions), and spoofed hostnames circumventing any hostname-specific restrictions enforced in SilverStripe Controllers. Regardless on running a reverse proxy in your hosting infrastructure, please follow the instructions on Secure Coding: Reques...

He Trained Cops to Fight Crypto Crime—and Allegedly Ran a $100M Dark-Web Drug Market

The strange journey of Lin Rui-siang, the 23-year-old accused of running the Incognito black market, extorting his own site’s users—and then refashioning himself as a legit crypto crime expert.

New Bitcoin Token Protocol “Runes” Carries Potential Phishing Risk

By Owais Sultan Is the innovative Runes protocol on Bitcoin a cybersecurity concern waiting to happen? Cybersecurity experts at Resonance Security… This is a post from HackRead.com Read the original post: New Bitcoin Token Protocol “Runes” Carries Potential Phishing Risk

Global Socket 1.4.43

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

Ubuntu Security Notice USN-6663-3

Ubuntu Security Notice 6663-3 - USN-6663-1 provided a security update for OpenSSL. This update provides the corresponding update for Ubuntu 24.04 LTS. As a security improvement, OpenSSL will now return deterministic random bytes instead of an error when detecting wrong padding in PKCS#1 v1.5 RSA to prevent its use in possible Bleichenbacher timing attacks.

Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration

By Cyber Newswire AI SPERA, a leader in Cyber Threat Intelligence (CTI) solutions, announced today that its proprietary search engine, Criminal… This is a post from HackRead.com Read the original post: Criminal IP: Enhancing Security Solutions through AWS Marketplace Integration