Security
Headlines
HeadlinesLatestCVEs

Tag

#web

CVE-2024-21351: Windows SmartScreen Security Feature Bypass Vulnerability

**What is the relationship between Mark of the Web and Windows SmartScreen?** When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. For more information on SmartScreen, please visit Microsoft Defender SmartScreen overview | Microsoft Learn.

Microsoft Security Response Center
#vulnerability#web#windows#microsoft#Windows SmartScreen#Security Vulnerability
CVE-2024-21327: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** The vulnerability is in the web server, but the malicious scripts execute in the victim’s browser on their machine.

GHSA-747x-5m58-mq97: svix vulnerable to Authentication Bypass

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification,no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.

US Takes Down Notorious Warzone RAT Malware Operation, Arrests 2

By Waqas The notorious Warzone Rat operation was active from 2018 until its takedown. This is a post from HackRead.com Read the original post: US Takes Down Notorious Warzone RAT Malware Operation, Arrests 2

ExpressVPN Bug Leaked DNS Requests for Windows Users

By Waqas Patch Your VPN! ExpressVPN Bug Leaks DNS Requests for Windows Users with Split Tunneling! This is a post from HackRead.com Read the original post: ExpressVPN Bug Leaked DNS Requests for Windows Users

Ransomware review: February 2024

In January, we recorded a total of 261 ransomware victims.

Ransomware Attack Disrupts Services in 18 Romanian Hospitals

By Deeba Ahmed The cybercrime gang behind the ransomware attack is unknown. This is a post from HackRead.com Read the original post: Ransomware Attack Disrupts Services in 18 Romanian Hospitals

GHSA-2jv5-9r88-3w3p: python-multipart vulnerable to Content-Type Header ReDoS

### Summary When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests. This can create a ReDoS (Regular expression Denial of Service): https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS This only applies when the app uses form data, parsed with `python-multipart`. ### Details A regular HTTP `Content-Type` header could look like: ``` Content-Type: text/html; charset=utf-8 ``` `python-multipart` parses the option with this RegEx: https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74 A custom option could be made and sent to the server to break it wit...

If only you had to worry about malware, with Jason Haddix: Lock and Code S05E04

This week on the Lock and Code podcast, we speak with Jason Haddix about how businesses can protect against modern cyberthreats.

Ubuntu Security Notice USN-6631-1

Ubuntu Security Notice 6631-1 - Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.