Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Malicious ad distributes SocGholish malware to Kaiser Permanente employees

A fraudulent Google ad meant to phish employees for their login credentials redirects them to a fake browser update page instead.

Malwarebytes
Open in Source
#web#mac#google#js#java#chrome
Automatically acquire and renew certificates using mod_md and Automated Certificate Management Environment (ACME) in Identity Management (IdM)

IntroductionIn a previous article, I demonstrated how to configure the Automatic Certificate Management Environment (ACME) feature included in the Identity Management (IdM) Dogtag Certificate Authority (CA). Specifically, I covered installation of IdM with random serial numbers, and how to enable the ACME service and expired certificate pruning. This article explains the management of ACME (currently a technology preview) with IdM and Red Hat Enterprise Linux (RHEL) clients.Currently, mod_md is the only ACME client implementation completely supported and provided by Red Hat. For this article,

The Simple Math Behind Public Key Cryptography

The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure.

Canadian Eyecare Firm Care1 Exposes 2.2TB of Patient Records

Another day, another healthcare database misconfiguration exposing sensitive patient information.

Test Your Cyber Skills With the SANS Holiday Hack Challenge

Open to players of all skill levels, the "Snow-mageddon" cybersecurity competition takes place in the world of Santa, elves, and Christmas mayhem.

GHSA-832w-fhmw-w4f4: D-Tale allows Remote Code Execution through the Custom Filter Input

### Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. ### Patches Users should upgrade to version 3.16.1 where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. You can find out more information on how to turn that flag on [here](https://github.com/man-group/dtale#custom-filter) ### Workarounds The only workaround for versions earlier than 3.16.1 is to only host D-Tale to trusted users. ### References See "Custom Filter" [documentation](https://github.com/man-group/dtale#custom-filter)

ABB Cylon Aspect 3.08.02 (aspectMemory.php) Arbitrary Heap Memory Configuration

An authenticated access vulnerability in the aspectMemory.php script of ABB Cylon Aspect BMS/BAS controllers allows attackers to set arbitrary values for Java heap memory parameters (HEAPMIN and HEAPMAX). This configuration is written to /usr/local/aam/etc/javamem. The absence of input validation can lead to system performance degradation, Denial-of-Service (DoS) conditions, and crashes of critical Java applications.

The Role of Blockchain and Smart Contracts in Securing Digital Transactions

Learn how blockchain and smart contracts improve cybersecurity factors in online transactions, remove the element of fraud, and…

OData Injection Risk in Low-Code/No-Code Environments

As the adoption of LCNC grows, so will the complexity of the threats organizations face.

Bitcoin ATM Giant Byte Federal Hit by Hackers, 58,000 Users Impacted

SUMMARY Byte Federal, the US’s largest Bitcoin ATM operator offering around 1,200 Bitcoin ATMs across the country, recently…