#web

Generative AI applies to any site “whose primary purpose is to use artificial intelligence models to generate output in the form of text, audio, video or images based on user-supplied prompts.”

Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.

By Waqas Cybersecurity researchers at Bitdefender have found a surge in malware and phishing attacks on Discord, noting 50,000 malicious… This is a post from HackRead.com Read the original post: Surge in Discord Malware Attacks as 50,000 Malicious Links Uncovered

By Waqas Cybersecurity researchers at Bitdefender have found a surge in malware and phishing attacks on Discord, noting 50,000 malicious… This is a post from HackRead.com Read the original post: Surge in Discord Malware Attacks as 50,000 Malicious Links Uncovered

The Fides webserver requires a connection to a hosted PostgreSQL database for persistent storage of application data. If the password used by the webserver for this database connection includes special characters such as `@` and `$`, webserver startup fails and the part of the password following the special character is exposed in webserver error logs. This is caused by improper escaping of the SQLAlchemy password string, see [here](https://docs.sqlalchemy.org/en/14/core/engines.html#escaping-special-characters-such-as-signs-in-passwords) and [here](https://github.com/sqlalchemy/sqlalchemy/discussions/6615) for more info. ### Impact Partial exposure of hosted database password in webserver logs ### Patches The vulnerability has been patched in Fides version `2.37.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. ### Workarounds There are no workarounds. ### Proof of Concept 1. Create a hosted PostgreSQL database for Fides with a...

This Metasploit module exploits an unauthenticated command injection vulnerability in Progress Flowmon versions before v12.03.02.

Ubuntu Security Notice 6779-2 - USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. Thomas Rinsma discovered that Firefox did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js. Irvan Kurniawan discovered that Firefox did not properly handle certain font styles when saving a page to PDF. An attacker could potentially exploi...

GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.

Red Hat Security Advisory 2024-3426-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a denial of service vulnerability.

The notorious BreachForums seem to have returned, but the question is: who's pulling the strings?