#auth

GLOBAL GROUP Ransomware targets media giant Albavisión, claims 400 GB data theft as it continues hitting global sectors with advanced extortion tactics.

A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.

Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. To conduct the attack an attacker would need a validly signed document from the identity provider (IdP). In fixing this we made sure to process the SAML assertions from only verified/authenticated contents. This will prevent future variants from coming up. Note: this is distinct from the previous xml-crypto CVEs.

In what's the latest instance of a software supply chain attack, unknown threat actors managed to compromise Toptal's GitHub organization account and leveraged that access to publish 10 malicious packages to the npm registry. The packages contained code to exfiltrate GitHub authentication tokens and destroy victim systems, Socket said in a report published last week. In addition, 73 repositories

### Summary An unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including `m3u` files. ### Details Multimedia metadata is rendered in the web-app without sanitization. This can be exploited in two ways: * a user which has the necessary permission for uploading files can upload a song with an artist-name such as `<img src=x onerror=alert(document.domain)>` * an unauthenticated user can trick another user into clicking a malicious URL, performing this same exploit using an externally-hosted m3u file The CVE score and PoC is based on the m3u approach, which results in a higher severity. ### PoC 1. Create a file named `song.m3u` with the following content. Host this file on an attacker-controlled web server. ```m3u #EXTM3U #EXTINF:1,"><img src=x onerror=alert(document.domain)> - "><img src=x onerror=alert(document.domain)> http://example.com/audio.mp3 ``` ...

Sublime Security reveals a cunning romance/adult-themed scam targeting German speakers, leveraging Keitaro TDS to deliver an AutoIT-based malware loader. Learn how this sophisticated campaign operates, its deceptive tactics, and the hidden payload.

Versions of the package ssrfcheck before 1.2.0 are vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. Specifically, the package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) as invalid. This oversight allows attackers to craft requests targeting these multicast addresses.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-29mf-62xx-28jq. This link is maintained to preserve external references. ### Original Description The buffered-reader crate before 1.2.0 for Rust allows out-of-bounds array access and a panic.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w5vr-6qhr-36cc. This link is maintained to preserve external references. ### Original Description The ed25519-dalek crate before 2 for Rust allows a double public key signing function oracle attack. The Keypair implementation leads to a simple computation for extracting a private key.

### Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xcf7-rvmh-g6q4. This link is maintained to preserve external references. ### Original Description The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host.