#git

A new report cited 28 “verified” accounts on X that appear to be tied to sanctioned groups or individuals.

There was about a 24-hour period where many news outlets reported on a reported DDoS attack that involved a botnet made up of thousands of internet-connected toothbrushes.

Malwarebytes researchers have discovered a prolific campaign of fraudulent energy ads shown to users via Google searches.

By Owais Sultan February 15, 2024 – Nexo, the leading institution for digital assets, announced a partnership with Sift, the Leader… This is a post from HackRead.com Read the original post: Nexo Teams Up with Sift for Enhanced Digital Security and User Experience

A Helm contributor discovered a path traversal vulnerability when Helm saves a chart including at download time. ### Impact When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. ### Patches This issue has been resolved in Helm v3.14.1. ### Workarounds Check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies. ### Credits Disclosed by Dominykas Blyžė at Nearform Ltd.

### Impact When you send a request with the `Authorization` header to one domain, and the response asks to redirect to a different domain, Scrapy’s built-in redirect middleware creates a follow-up redirect request that keeps the original `Authorization` header, leaking its content to that second domain. The [right behavior](https://fetch.spec.whatwg.org/#ref-for-cors-non-wildcard-request-header-name) would be to drop the `Authorization` header instead, in this scenario. ### Patches Upgrade to Scrapy 2.11.1. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.11.1 is not an option, you may upgrade to Scrapy 1.8.4 instead. ### Workarounds If you cannot upgrade, make sure that you are not using the `Authentication` header, either directly or through some third-party plugin. If you need to use that header in some requests, add `"dont_redirect": True` to the `request.meta` dictionary of those requests to disable following redirects for them. If you need to kee...

Red Hat Security Advisory 2024-0820-03 - Red Hat Advanced Cluster Management for Kubernetes 2.8.5 General Availability release images, which provide security updates and fix bugs. Issues addressed include denial of service and traversal vulnerabilities.

By Deeba Ahmed This is the first instance of an iOS trojan that has been found stealing facial data from victims. This is a post from HackRead.com Read the original post: New iOS Trojan “GoldPickaxe” Steals Facial Recognition Data

This new backdoor we’re calling “TinyTurla-NG” (TTNG) is similar to Turla’s previously disclosed implant, TinyTurla, in coding style and functionality implementation.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE SC-600 Family Vulnerabilities: Acceptance of Extraneous Untrusted Data With Trusted Data, Use of Weak Hash, Forced Browsing, Uncontrolled Resource Consumption, Unchecked Return Value, Injection, OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges, execute arbitrary code, or spawn a system root shell on the affected system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Siemens products are affected: SCALANCE SC622-2C (6GK5622-2GS00-2AC2) (CVE-2023-44317, C...