Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Iran Dupes US Military Contractors, Gov't Agencies in Years-Long Cyber Campaign

A state-sponsored hacking team employed a clever masquerade and elaborate back-end infrastructure as part of a five-year info-stealing campaign that compromised the US State and Treasury Departments, and hundreds of thousands of accounts overall.

DARKReading
Open in Source
#web#pdf#auth
2023: A 'Good' Year for OT Cyberattacks

Attacks increased by "only" 19% last year. But that number is expected to grow significently.

Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs

An exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.

Fortify AI Training Datasets From Malicious Poisoning

Just like you should check the quality of the ingredients before you make a meal, it's critical to ensure the integrity of AI training data.

Popular Keyboard Apps Leak User Data: Billion Potentially Exposed

By Waqas Popular keyboard apps leak user data! Citizen Lab reports 8 out of 9 Android IMEs expose keystrokes. Change yours & protect passwords! This is a post from HackRead.com Read the original post: Popular Keyboard Apps Leak User Data: Billion Potentially Exposed

GHSA-3h7q-rfh9-xm4v: Synapse V2 state resolution weakness allows Denial of Service (DoS)

### Impact A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in how the auth chain cover index is calculated. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. ### Patches Server administrators should upgrade to 1.105.1 or later. ### Workarounds One can: - ban the malicious users or ACL block servers from the rooms; and/or - leave the room and purge the room using the admin API ### For more information If you have any questions or comments about this advisory, please email us at [security AT element.io](mailto:security@element.io).

GHSA-7vf4-x5m2-r6gr: OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)

### SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`) **Please note, only authorized and admin role users have access to PUT / POST APIS for /api/v1/policies. Non authenticated users will not be able to access these APIs to exploit the vulnerability** `CompiledRule::validateExpression` is also called from [`PolicyRepository.prepare`](https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/PolicyRepository.java#L113) ```java @Override public void prepare(Policy policy, boolean update) { validateRules(policy); } ... public void validateRules(Policy policy) { List<Rule> rules = policy.getRules(); if (nullOrEmpty(rules)) { throw new IllegalArgumentException(CatalogExceptionMessage.EMPTY_RULES_IN_POLICY); } // Validate all the expressions in the rule for (Rule rule : rules) { CompiledRule.validateExpression(rule.getCondition(), Boolean.class); rule.getResources...

Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug

Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.

Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments

An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.

Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update

The company reports most systems are functioning again but that analysis of the data affected will take months to complete.