#web

Red Hat Security Advisory 2024-1484-03 - An update for firefox is now available for Red Hat Enterprise Linux 8. Issues addressed include integer overflow, out of bounds write, and use-after-free vulnerabilities.

Google has announced the introduction of Device Bound Session Credentials (DBSC).

Guests affected by the companywide disruption vented their frustrations on social media.

By Owais Sultan Virtual reality developer Victoria VR has announced that it is integrating OpenAI into its builder. The move makes… This is a post from HackRead.com Read the original post: Victoria VR Becomes First Virtual Reality Developer to Integrate OpenAI

### Impact Any deployment of voilà dashboard allow local file inclusion, that is to say any file on a filesystem that is readable by the user that runs the voilà dashboard server can be downloaded by someone with network access to the server. Whether this still requires authentication depends on how voilà is deployed. ### Patches This is patched in 0.2.17+, 0.3.8+, 0.4.4+, 0.5.6+ ### Workarounds None. ### References CWE-73: External Control of File Name or Path ### Original report I have found a local file inclusion vulnerability in one of your subprojects, voila (https://github.com/voila-dashboards/voila). The vulnerability exists in the "/static" Route, and can be exploited by simply making a request such as this: ``` $ curl localhost:8866/static/etc/passwd ``` ...or by using a webbrowser to download the file. I dug into the source code, and I think the offending line is here: https://github.com/voila-dashboards/voila/blob/8419cc7d79c0bb1dabfbd9ec49cb957740609d4d/voi...

Roughly nine years ago, KrebsOnSecurity profiled a Pakistan-based cybercrime group called "The Manipulaters," a sprawling web hosting network of phishing and spam delivery platforms. In January 2024, The Manipulaters pleaded with this author to unpublish previous stories about their work, claiming the group had turned over a new leaf and gone legitimate. But new research suggests that while they have improved the quality of their products and services, these nitwits still fail spectacularly at hiding their illegal activities.

Google on Tuesday said it's piloting a new feature in Chrome called Device Bound Session Credentials (DBSC) to help protect users against session cookie theft by malware. The prototype – currently tested against "some" Google Account users running Chrome Beta – is built with an aim to make it an open web standard, the tech giant's Chromium team said. "By binding authentication sessions to the

What cybersecurity professionals around the world can do to defend against the scourge of online disinformation in this year's election cycle.

Telecommunications giant AT&T has finally confirmed that 73 million current and former customers are caught up in a massive dark web data leak.

Fortanix is working on technologies to build a security wall around AI search.