Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Best Methods for Storing, Protecting Digital Company Files: Secure Strategies for Data Safety

By Waqas With businesses continuing to generate a vast amount of data, from financial records to client information, understanding the… This is a post from HackRead.com Read the original post: Best Methods for Storing, Protecting Digital Company Files: Secure Strategies for Data Safety

HackRead
Open in Source
#vulnerability#web#google#git#intel#pdf#auth#ssl
The Latest Identity Theft Methods: Essential Protection Strategies Revealed

By Waqas With the digital age in full swing, your personal information is more vulnerable than ever. Identity theft has… This is a post from HackRead.com Read the original post: The Latest Identity Theft Methods: Essential Protection Strategies Revealed

Red Hat Security Advisory 2024-0533-03

Red Hat Security Advisory 2024-0533-03 - An update for gnutls is now available for Red Hat Enterprise Linux 9.

Aembit Teams Up with CrowdStrike for Secure Workload Access

By cyberwire Aembit Announces New Workload IAM Integration with CrowdStrike to Help Enterprises Secure Workload-to-Workload Access. This is a post from HackRead.com Read the original post: Aembit Teams Up with CrowdStrike for Secure Workload Access

GHSA-8xw6-9h78-c89j: Ylianst MeshCentral Missing SSL Certificate Validation

Ylianst MeshCentral 1.1.16 is vulnerable to Missing SSL Certificate Validation.

GHSA-xvq9-4vpv-227m: Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature

### Summary The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. https://github.com/0xJacky/nginx-ui/blob/f20d97a9fdc2a83809498b35b6abc0239ec7fdda/api/certificate/certificate.go#L72 ``` func AddCert(c *gin.Context) { var json struct { Name string `json:"name"` SSLCertificatePath string `json:"ssl_certificate_path" binding:"required"` SSLCertificateKeyPath string `json:"ssl_certificate_key_path" binding:"required"` SSLCertificate string `json:"ssl_certificate"` SSLCertificateKey string `json:"ssl_certificate_key"` ChallengeMethod string `json:"challenge_method"` DnsCredentialID int `json:"dns_credential_id"` } if !api.BindAndValid(c, &json) { return } certModel := &model.Cert{ Name: json.Name, SSLCertificatePath: json.SSLCertificatePath, SSLCer...

Control D Launches Control D for Organizations: Democratizing Cybersecurity

By cyberwire Toronto, Canada, January 29th, 2024, Cyberwire – In an era where online threats no longer discriminate by business… This is a post from HackRead.com Read the original post: Control D Launches Control D for Organizations: Democratizing Cybersecurity

10 things to do to improve your online privacy

It's Data Privacy Week so here are 10 tips from our VP of Consumer Privacy, Oren Arar, about how to stay private online.

Red Hat Security Advisory 2024-0500-03

Red Hat Security Advisory 2024-0500-03 - An update for openssl is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

China-Linked Blackwood APT Deploys Advanced NSPX30 Backdoor in Cyberespionage

By Deeba Ahmed The NSPX30 backdoor, initially uncovered in 2005 as a simple form of malware, has evolved over time into an advanced threat. This is a post from HackRead.com Read the original post: China-Linked Blackwood APT Deploys Advanced NSPX30 Backdoor in Cyberespionage