Security
Headlines

Tag: #ssl

GHSA-v2ch-c8v8-fgr7: Versity panic induced by AWS chunked data sent to port

Sending AWS chunked data with no Content-Length HTTP header causes the panic, every time.

### Reproduction Setup

versity server running on port 7071, no SSL (for ease of packet tracing with tshark). The problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070; this does have to be SSL enabled for the repro to occur.

nginx config:

```
upstream tony_versity {
    server 127.0.0.1:7071;
    keepalive 15;
}

server {
    listen 7070 ssl;
    access_log /var/log/nginx/tony_versity_proxy.access.log;
    error_log  /var/log/nginx/tony_versity_proxy.error.log;

    # Allow any size file to be uploaded.
    client_max_body_size 0;

    # Allow special characters in headers
    ignore_invalid_headers off;

    # Disable buffering
    proxy_buffering off;
    proxy_request_buffering off;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    ssl_certificate "/WS/TEMP/lh.crt";
    ss...
```
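The advisory turns on a body that arrives as AWS chunked data without a Content-Length. The following is an added example, not Versity's code nor any AWS SDK's: it frames a payload in the aws-chunked encoding that S3 streaming-signed uploads use, lists the request headers of the no-Content-Length variant, and decodes such a body defensively, reporting a truncated or malformed stream instead of crashing on it. The chunk signatures are 64-hex placeholders (real SigV4 chunk signatures are neither computed nor verified here), and `chunkSize`, `maxChunk` and the sample payload are this example's own assumptions.

```javascript
'use strict';
// Added example, not Versity's or an AWS SDK's code: aws-chunked framing
// ("<hex-size>;chunk-signature=<sig>\r\n<data>\r\n" per chunk, then a
// zero-size terminal chunk) with a decoder that never throws on bad input.
// FAKE_SIG stands in for a real SigV4 chunk signature (assumption).
const FAKE_SIG = '0'.repeat(64);

// Frame `payload` as aws-chunked. `chunkSize` is this example's parameter;
// real clients use 64 KiB or larger chunks.
function encodeAwsChunked(payload, chunkSize = 65536) {
  const data = Buffer.from(payload);
  const parts = [];
  for (let off = 0; off < data.length; off += chunkSize) {
    const chunk = data.subarray(off, Math.min(off + chunkSize, data.length));
    parts.push(Buffer.from(`${chunk.length.toString(16)};chunk-signature=${FAKE_SIG}\r\n`, 'latin1'));
    parts.push(chunk, Buffer.from('\r\n'));
  }
  parts.push(Buffer.from(`0;chunk-signature=${FAKE_SIG}\r\n\r\n`, 'latin1'));
  return Buffer.concat(parts);
}

// Headers of a streaming-signed PUT whose body is sent with HTTP chunked
// transfer coding and therefore no Content-Length, the shape the advisory
// describes (whether the reporter's client sent exactly these headers is not
// stated on the page). The decoded length still travels in
// x-amz-decoded-content-length, so a receiver can sanity-check the total.
function streamingPutHeaders(decodedLength) {
  return {
    'x-amz-content-sha256': 'STREAMING-AWS4-HMAC-SHA256-PAYLOAD',
    'x-amz-decoded-content-length': String(decodedLength),
    'Content-Encoding': 'aws-chunked',
    'Transfer-Encoding': 'chunked',
  };
}

// Decode an aws-chunked body that may be incomplete. Without Content-Length
// the server only learns where the object ends from the terminal chunk, so
// every read is bounds-checked. Returns {ok, payload, reason}; `maxChunk`
// caps one chunk so a hostile size field cannot drive a huge allocation.
// Trailing headers after the terminal chunk are not inspected.
function decodeAwsChunked(body, maxChunk = 64 * 1024 * 1024) {
  const out = [];
  const fail = (reason) => ({ ok: false, payload: Buffer.concat(out), reason });
  let pos = 0;
  for (;;) {
    const eol = body.indexOf('\r\n', pos);
    if (eol === -1) return fail('truncated before chunk header');
    const header = body.subarray(pos, eol).toString('latin1');
    const m = /^([0-9a-fA-F]{1,8});chunk-signature=([0-9a-fA-F]{64})$/.exec(header);
    if (!m) return fail('malformed chunk header');
    const size = parseInt(m[1], 16);
    if (size > maxChunk) return fail('chunk size exceeds limit');
    pos = eol + 2;
    if (size === 0) return { ok: true, payload: Buffer.concat(out), reason: '' };
    if (pos + size + 2 > body.length) return fail('truncated inside chunk data');
    out.push(body.subarray(pos, pos + size));
    pos += size;
    if (body[pos] !== 0x0d || body[pos + 1] !== 0x0a) return fail('missing CRLF after chunk data');
    pos += 2;
  }
}

// Constructed sample: a short object split into 4-byte chunks.
const SAMPLE_BODY = encodeAwsChunked('hello world', 4);
```

When the decoder is fed `SAMPLE_BODY` it reconstructs "hello world"; fed the same bytes with the terminal chunk cut off it returns `ok: false` with the partial payload and the reason, which is the behaviour a receiver wants when a proxy closes the upstream connection early.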

GHSA-w54x-xfxg-4gxq: NeuVector process with sensitive arguments lead to leakage

### Impact

When a Java command with password parameters is executed and terminated by NeuVector for a Process rule violation, for example

```
java -cp /app ... Djavax.net.ssl.trustStorePassword=<Password>
```

the command, including the password, appears in the NeuVector security event. To prevent this, NeuVector uses the following default regular expression to detect and redact sensitive data from process commands:

```
(?i)(password|passwd|token)
```

You can also define custom patterns to redact by creating a Kubernetes ConfigMap. For example:

```
kubectl create configmap neuvector-custom-rules --from-file=secret-patterns.yaml -n neuvector
```

Sample `secret-patterns.yaml` content:

```
Pattern_list:
  - (?i)(pawd|pword)
  - (?i)(secret)
```

NeuVector uses the default and custom regexes to decide whether the process command in a security event should be redacted. **Note:** If numerous regular expression (regex) patterns are configured in the Kubernetes ConfigMap for extended coverage ...
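To make the redaction decision concrete, here is an added example that is not NeuVector's code: it reads the `Pattern_list` from a constructed copy of the sample `secret-patterns.yaml`, combines it with the default pattern, and masks the matching arguments of a constructed command line. The Go-style `(?i)` prefix is translated to a JavaScript flag because JavaScript regular expressions do not accept it, and the masking rule (keep the key of `key=value`, mask the argument following a bare flag) is this example's own choice, not NeuVector's documented behaviour.

```javascript
'use strict';
// Added example, not NeuVector's code: default + custom regexes deciding
// whether a process command line gets redacted before it lands in an event.

const DEFAULT_PATTERN = '(?i)(password|passwd|token)';

// The ConfigMap patterns use RE2/Go syntax, where "(?i)" turns on
// case-insensitivity; JavaScript has no such prefix, so map it to the 'i' flag.
function toRegExp(pattern) {
  let flags = '';
  let src = pattern;
  const m = /^\(\?([a-z]+)\)/.exec(src);
  if (m) {
    if (m[1].includes('i')) flags += 'i';
    src = src.slice(m[0].length);
  }
  return new RegExp(src, flags);
}

// Minimal reader for secret-patterns.yaml: only a top-level "Pattern_list:"
// block with "- <regex>" items is understood (constructed for this example,
// enough for the sample file above; not a general YAML parser).
function parsePatternList(yamlText) {
  const patterns = [];
  let inList = false;
  for (const raw of yamlText.split('\n')) {
    const line = raw.trim();
    if (line === '' || line.startsWith('#')) continue;
    if (/^Pattern_list:/.test(line)) { inList = true; continue; }
    if (inList && line.startsWith('- ')) patterns.push(line.slice(2).trim());
    else if (inList) inList = false; // another top-level key ends the list
  }
  return patterns;
}

// Apply every pattern to each argument. A matching "key=value" keeps the key
// and masks the value; a matching bare flag masks the argument that follows.
// Returns whether anything was redacted plus the command to log.
function redactCommand(command, patterns) {
  const regexes = patterns.map(toRegExp);
  const argv = command.trim().split(/\s+/);
  let redacted = false;
  for (let i = 0; i < argv.length; i++) {
    if (!regexes.some((re) => re.test(argv[i]))) continue;
    redacted = true;
    const eq = argv[i].indexOf('=');
    if (eq !== -1) {
      argv[i] = argv[i].slice(0, eq + 1) + '<redacted>';
    } else if (i + 1 < argv.length) {
      argv[i + 1] = '<redacted>';
      i++;
    }
  }
  return { redacted, command: argv.join(' ') };
}

// Constructed inputs: the page's sample ConfigMap file and a command line in
// the shape the advisory describes (values are made up).
const SAMPLE_YAML = `Pattern_list:
  - (?i)(pawd|pword)
  - (?i)(secret)
`;
const SAMPLE_COMMAND =
  'java -cp /app -Djavax.net.ssl.trustStorePassword=hunter2 -Dapp.secret=s3cr3t com.example.Main';

function demo() {
  const patterns = [DEFAULT_PATTERN, ...parsePatternList(SAMPLE_YAML)];
  return redactCommand(SAMPLE_COMMAND, patterns);
}
```

`demo()` yields `java -cp /app -Djavax.net.ssl.trustStorePassword=<redacted> -Dapp.secret=<redacted> com.example.Main`: the default pattern catches the trust-store password and the custom `(?i)(secret)` entry catches the second property, while `-cp /app` is left untouched. Note that every pattern is run against every argument of every event, which is why a long custom list costs more than a short one.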

DSLRoot, Proxies, and the Threat of ‘Legal Botnets’

The cybersecurity community on Reddit responded in disbelief this month when a self-described Air National Guard member with a top secret security clearance began questioning the arrangement they'd made with a company called DSLRoot, which was paying $250 a month to plug a pair of laptops into the Redditor's high-speed Internet connection in the United States. This post examines the history and provenance of DSLRoot, one of the oldest "residential proxy" networks, with origins in Russia and Eastern Europe.

GHSA-pw25-c82r-75mm: request-filtering-agent SSRF Bypass via HTTPS Requests to 127.0.0.1

request-filtering-agent versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering, while HTTP requests are correctly blocked.

**Impact:** Vulnerable patterns (requests that should be blocked but are allowed):

- https://127.0.0.1:443/api
- https://127.0.0.1:8443/admin
- Any HTTPS request using the direct IP address `https://127.0.0.1`

This vulnerability primarily affects services using self-signed certificates on `127.0.0.1`.

**Not affected (correctly blocked in all versions):**

- http://127.0.0.1:80/api (HTTP requests are properly blocked)
- https://localhost:443/api (domain-based requests trigger a DNS lookup and are blocked)
- http://localhost:80/api (domain-based HTTP requests are blocked)
- Requests to other private IPs such as 192.168.x.x, 10.x.x.x, 172.16.x.x

This allows attackers to potentially access internal HTTPS services running on localhost, bypassing the library's SSRF protection. The vulnerability is particularly dangerou...

How to Streamline Your Game Development Process: 4 Smart Solutions

Development teams worldwide spend countless hours wrestling with the same persistent challenges: tight deadlines, resource constraints, and the…

CTM360 Report Explains How Emotions Fuel Modern Fraud

CTM360 research reveals how scammers hook their victims through manipulative traps built on AI, stolen data, and brand…

Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger

Cybersecurity researchers have disclosed details of a new malware loader called QuirkyLoader that has been used in email spam campaigns since November 2024 to deliver an array of next-stage payloads ranging from information stealers to remote access trojans. Some of the notable malware families distributed using QuirkyLoader include Agent Tesla, AsyncRAT, Formbook, Masslogger, Remcos RAT,

How to Automate Phishing Detection to Prevent Data Theft

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.