Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

GHSA-w8xv-rwgf-4fwh: CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER

Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a `preconditionFailure` if that constraint isn't met. Importantly, these constraints are actually required to be true in DER, but that correctness wasn't enforced on the early node parser side so it was incorrect to rely on it later on in decoding, which is what the library did. These crashes can be triggered when parsing any DER/BER format object. There is no memory-safety issue here: the crash is a graceful one from the Swift runtime. The impact of this is that it can be used as a denial-of-service vector when parsing BER/DER data from unknown sources, e.g. when parsing TLS certificates. Many thanks to @baarde for reporting this issue and providing the fix.

ghsa
Open in Source
#apple#dos#ssl
Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes," cybersecurity firm

Inside the Black Box of Predictive Travel Surveillance

Behind the scenes, companies and governments are feeding a trove of data about international travelers into opaque AI tools that aim to predict who’s safe—and who’s a threat.

The Metaverse Will Become More Popular Than the Real World: Will Reality Disappear?

With the advent of virtual reality, everyone got scared that the life we ​​know will disappear, and only…

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

Thousands of Live Hacker Backdoors Found in Expired Domains

SUMMARY Cybersecurity researchers at watchTowr have identified over 4,000 live hacker backdoors, exploiting abandoned infrastructure and expired domains.…

The School Shootings Were Fake. The Terror Was Real

The inside story of the teenager whose “swatting” calls sent armed police racing into hundreds of schools nationwide—and the private detective who tracked him down.

New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails

Fortinet uncovers a new PayPal phishing scam exploiting legitimate platform features. Learn how this sophisticated attack works and how to protect yourself from falling victim.

Millions of Email Servers Exposed Due to Missing TLS Encryption

Millions of email servers worldwide remain alarmingly vulnerable to cyberattacks due to a critical security oversight: the absence of Transport Layer Security (TLS) encryption.

New PhishWP Plugin on Russian Forum Turns Sites into Phishing Pages

SlashNext has discovered a malicious WordPress plugin, PhishWP, which creates convincing fake payment pages to steal your credit card information, 3DS codes, and personal data.