#vulnerability

freeSSHd version 1.0.9 remote denial of service exploit.

The cyber attacks targeting the energy sector in Denmark last year may not have had the involvement of the Russia-linked Sandworm hacking group, new findings from Forescout show. The intrusions, which targeted around 22 Danish energy organizations in May 2023, occurred in two distinct waves, one which exploited a security flaw in Zyxel firewall (CVE-2023-28771) and a

ProSSHD version 1.2 20090726 remote denial of service exploit.

By Uzair Amir In the labyrinth of financial scams, one of the most insidious is the retirement banking scam. Imagine a… This is a post from HackRead.com Read the original post: Unravelling Retirement Banking Scams and How To Protect Yourself

Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, tracked as CVE-2024-21591, is rated 9.8 on the CVSS scoring system. “An out-of-bounds write vulnerability in J-Web of Juniper Networks Junos OS SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a

### Impact The initial vulnerability identified in Streamlit apps using custom components, allowing for directory traversal attacks, was addressed in version 1.11.1. However, a minor issue persisted, which could still potentially expose certain files on the server file-system under specific conditions. ### Patches We released an update in version 1.30.0 to further tighten security measures. Users are strongly advised to update to version 1.30.0 immediately for optimal security. ### Workarounds No additional workarounds are necessary once the update to version 1.30.0 is applied. ### For more information If you have any questions or comments about this advisory: * Email us at [[email protected]](mailto:[email protected])

By Deeba Ahmed From Background Checks to Bedroom Layouts: Data Leak Strips Bare School Security System. This is a post from HackRead.com Read the original post: Texas School Safety Software Data Leak Endangers Student Safety

A vulnerability in the popular Joomla! CMS has been added to CISA's known exploited vulnerabilities catalog.

Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks. ### Impact If a user's username and password have already been compromised an attacker would be able to try possible TOTP codes and see if they can hit a lucky collision to log in as that user. The user under attack would not necessarily know that their account has been compromised. ### Patches Devise-Two-Factor has not released any fixes for this vulnerability. This library is open-ended by design and cannot solve this for all applications natively. It's recommended that any application leveraging Devise-Two-Factor implement controls at the application level to mitigate this threat. A non-exhaustive list of possible mitigations can be found below. #### Mitigations 1. Use the `lockable` strategy fr...

Red Hat Security Advisory 2024-0208-03 - An update for openssl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.