Tag
#git
### Impact

s2n-tls uses the Linux atexit function to register functions that clean up the global state when the process exits. In multi-threaded environments, the atexit handler may clean up state which is still in use by other threads. When this occurs, the exiting process may experience a segmentation fault or other undefined behavior. Customers of AWS services do not need to take action. Applications using s2n-tls should upgrade to the most recent release of s2n-tls. **Impacted versions**: < v1.5.9.

### Patches

The patch commit [493b771](https://github.com/aws/s2n-tls/commit/493b77167dc367c394de23cfe78a029298e2a254) is included in s2n-tls v1.5.9 [1]

### Workarounds

The atexit handler may be disabled by calling `s2n_disable_atexit()` prior to initializing s2n-tls. The atexit handler is off by default in the patched versions. For further details, refer to [s2n-tls Usage Guide: Initialization and Teardown](https://github.com/aws/s2n-tls/blob/main/docs/usage-guide/topics/ch02-initi...
Red Hat Security Advisory 2024-9571-03 - Streams for Apache Kafka 2.8.0 is now available from the Red Hat Customer Portal. Issues addressed include denial of service and man-in-the-middle vulnerabilities.
If the government truly wants to protect the US's most vital assets, it must rethink its cybersecurity policies and prioritize proactive, coordinated, and enforceable measures.
Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users," Laurie Richardson, VP and Head of Trust and Safety at Google, said. "The landing
Group-IB has uncovered Lazarus group’s stealthy new trojan and technique of hiding malicious code in extended attributes on…
Less-experienced users of Microsoft's website building platform may not understand all the implications of the access controls in its low- or no-code environment.
A scammer was caught after they defrauded some 400 people of almost $20 million in real estate.
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.
Ransomware isn’t just a buzzword; it’s one of the most dreaded challenges businesses face in this increasingly digitized world. Ransomware attacks are not only increasing in frequency but also in sophistication, with new ransomware groups constantly emerging. Their attack methods are evolving rapidly, becoming more dangerous and damaging than ever. Almost all respondents (99.8%) in a recent
1. EXECUTIVE SUMMARY

- CVSS v4 7.0
- ATTENTION: Low attack complexity
- Vendor: Rockwell Automation
- Equipment: Arena Input Analyzer
- Vulnerability: Improper Validation of Specified Quantity in Input

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code on the program.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Rockwell Automation Input Analyzer (Arena), an event simulation and automation software, are affected:

- Arena Input Analyzer: v16.20.03 and prior

3.2 Vulnerability Overview

3.2.1 IMPROPER VALIDATION OF SPECIFIED QUANTITY IN INPUT CWE-1284

Rockwell Automation Input Analyzer version v16.20.00 (as included in Arena v16.20.03) is vulnerable to memory corruption when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file. CVE-2024-60...