#auth

VMWare Aria Operations for Networks (vRealize Network Insight) versions 6.0.0 through 6.10.0 do not randomize the SSH keys on virtual machine initialization. Since the key is easily retrievable, an attacker can use it to gain unauthorized remote access as the "support" (root) user.

Ubuntu Security Notice 6445-2 - It was discovered that the IPv6 implementation in the Linux kernel contained a high rate of hash collisions in connection lookup table. A remote attacker could use this to cause a denial of service. Daniel Trujillo, Johannes Wikner, and Kaveh Razavi discovered that some AMD processors utilising speculative execution and branch prediction may allow unauthorised memory reads via a speculative side-channel attack. A local attacker could use this to expose sensitive information, including kernel memory.

Ubuntu Security Notice 6199-2 - USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.

Red Hat Security Advisory 2023-6077-01 - An updated rhel9/toolbox container image is now available in the Red Hat container registry.

By Waqas This incident is a perfect example of the phrase "one thing leading to another. This is a post from HackRead.com Read the original post: 1Password Discloses Security Incident Linked to Okta Breach

By Owais Sultan Blockforia functions as a cryptocurrency exchange firmly grounded within the regulatory purview of the European Union. This is a post from HackRead.com Read the original post: Blockforia: A Comprehensive Analysis of a Prominent Cryptocurrency Exchange

Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires — and other online services likely have the same problems.

A former employee of the U.S. National Security Agency (NSA) has pleaded guilty to charges accusing him of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke, 31, served as an Information Systems Security Designer for the NSA from June 6, 2022, to July 1, 2022, where he had Top Secret clearance to access sensitive documents. The latest development comes more

We observed the BlackByte ransomware group’s new variant, BlackByte NT, for the first time in addition to the previously seen LockBit ransomware, which continues to be the top observed ransomware family in Talos IR engagements.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Rockwell Automation Equipment: Stratix 5800 and Stratix 5200 Vulnerabilities: Unprotected Alternate Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to take control of the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Stratix products and the contained Cisco IOS software are affected: Stratix 5800 (running Cisco IOS XE Software with the Web UI feature enabled): All versions Stratix 5200 (running Cisco IOS XE Software with the Web UI feature enabled): All versions 3.2 Vulnerability Overview 3.2.1 UNPROTECTED ALTERNATE CHANNEL CWE-420 Rockwell Automation is aware of active exploitation of a previously unknown vulnerability in the web user interface feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability al...