
GHSA-cw2r-4p82-qv79: DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value

### Impact

Denial of Service in applications that allow the use of the PBKDF2 algorithm.

### Patches

A [patch](https://github.com/latchset/jwcrypto/commit/d2655d370586cb830e49acfb450f87598da60be8) is available that sets a default maximum number of rounds.

### Workarounds

Applications that do not need PBKDF2 should explicitly specify the algorithms they use and exclude it from the list. Applications that need the algorithm should upgrade to the new version, which allows setting a maximum number of rounds.

### Acknowledgement

The issue was reported by Jingcheng Yang and Jianjun Chen from Sichuan University and Zhongguancun Lab.

Microsoft Windows PowerShell Code Execution / Event Log Bypass

Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single-quote bypass and a PS event logging failure. On the Windows command line, tab-completing a filename wraps it in double quotes, which can be leveraged to trigger arbitrary code execution. However, if the filename was wrapped in single quotes the technique failed, that is, until now.

Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India

By Waqas. Big Tech vs. Big Brother: Apple defies Indian pressure over iPhone hacking alerts. Original post on HackRead.com: Apple’s iPhone Hack Attack Warnings Spark Political Firestorm in India.

The Most Dangerous People on the Internet in 2023

From Sam Altman and Elon Musk to ransomware gangs and state-backed hackers, these are the individuals and groups that spent this year disrupting the world as we know it.

4 sneaky scams from 2023

Online scams abound every day, but these four scams from 2023 were particularly devious.

New Rugmi Malware Loader Surges with Hundreds of Daily Detections

A new malware loader is being used by threat actors to deliver a wide range of information stealers such as Lumma Stealer (aka LummaC2), Vidar, RecordBreaker (aka Raccoon Stealer V2), and Rescoms. Cybersecurity firm ESET is tracking the trojan under the name Win/TrojanDownloader.Rugmi. "This malware is a loader with three types of components: a downloader that downloads an

GHSA-m5hf-m3r2-xq53: hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method

The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow (unbounded recursion on crafted input).

GHSA-7m7h-rgvp-3v4r: hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function

hutool-core v5.8.23 was discovered to contain an infinite loop in the StrSplitter.splitByRegex function. This vulnerability allows attackers to cause a Denial of Service (DoS) by manipulating the function's first two parameters (the input string and the regex).

GHSA-h63j-xqx6-w58r: mvel2 TimeOut error exists in the ParseTools.subCompileExpression method

A TimeOut error exists in the ParseTools.subCompileExpression method in mvel2 v2.5.0 Final, i.e. expression compilation can be made to run long enough to exhaust the caller's time budget.

Why Virtual Board Portals are the Key to Better Collaboration and Decision-Making

By Owais Sultan. Meetings without paper have become a reality thanks to advanced technologies. Digital tools help companies be more efficient… Original post on HackRead.com: Why Virtual Board Portals are the Key to Better Collaboration and Decision-Making.