Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

White House's Call for Memory Safety Brings Challenges, Changes & Costs

Improving security in the applications that drive the digital economy is a necessary undertaking, requiring ongoing collaboration between the public and private sectors.

DARKReading
Open in Source
#vulnerability#google#microsoft#linux#git#intel#c++#auth
GHSA-wp43-vprh-c3w5: Mattermost fails to authenticate the source of certain types of post actions

Mattermost versions 8.1.x before 8.1.11, 9.3.x before 9.3.3, 9.4.x before 9.4.4, and 9.5.x before 9.5.2 fail to authenticate the source of certain types of post actions, allowing an authenticated attacker to create posts as other users via a crafted post action.

GHSA-mcw6-3256-64gg: Mattermost Server doesn't limit the number of user preferences

Mattermost Server versions 9.5.x before 9.5.2, 9.4.x before 9.4.4, 9.3.x before 9.3.3, 8.1.x before 8.1.11 don't limit the number of user preferences which allows an attacker to send a large number of user preferences potentially causing denial of service.

Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem

By Owais Sultan Institutions, dApps and users on Flare will now benefit from Hypernative’s industry-leading ecosystem-wide protection suite.  This is a post from HackRead.com Read the original post: Web3 Security Specialist Hypernative To Provide Proactive Protection To The Flare Ecosystem

SEXi Ransomware Desires VMware Hypervisors in Ongoing Campaign

A Babuk variant has been involved in at least four attacks on VMware EXSi servers in the last six weeks, in one case demanding $140 million from a Chilean data center company.

Ivanti Pledges Security Overhaul the Day After 4 More Vulns Disclosed

So far this year, Ivanti has disclosed a total of 10 flaws — many of them critical — in its remote access products, and one in its ITSM product.

GHSA-4v7x-pqxf-cx7m: net/http, x/net/http2: close connections when receiving too many headers

An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.

There are plenty of ways to improve cybersecurity that don’t involve making workers return to a physical office

An April 2023 study from Kent State University found that remote workers are more likely to be vigilant of security threats and take actions to ward them off than their in-office counterparts.

Jackson County hit by ransomware, declares state of emergency

Jackson County has suffered "significant disruptions within its IT systems," and its offices are closed.