Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Dark Reading Confidential: Quantum Has Landed, So Now What?

Episode #4: NIST's new post-quantum cryptography standards are here, so what comes next? This episode of Dark Reading Confidential digs into the world of quantum computing from a cybersecurity practitioner's point of view — with guests Matthew McFadden, vice president, Cyber, General Dynamics Information Technology (GDIT) and Thomas Scanlon, professor, Heinz College, Carnegie Mellon University.

DARKReading
Open in Source
#vulnerability#web#ios#mac#google#git#auth#ssh#chrome#ssl
Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages

An ongoing campaign is targeting npm developers with hundreds of typosquat versions of their legitimate counterparts in an attempt to trick them into running cross-platform malware. The attack is notable for utilizing Ethereum smart contracts for command-and-control (C2) server address distribution, according to independent findings from Checkmarx, Phylum, and Socket published over the past few

IBM Security Verify Access 32 Vulnerabilities

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

IBM Security Verify Access Appliance Insecure Transit / Hardcoded Passwords

IBM Security Verify Access Appliance suffers from multiple insecure transit vulnerabilities, hardcoded passwords, and uninitialized variables. ibmsecurity versions prior to 2024.4.5 are affected.

Google: Big Sleep AI Agent Puts SQLite Software Bug to Bed

A research tool by the company found a vulnerability in the SQLite open source database, demonstrating the "defensive potential" for using LLMs to find vulnerabilities in applications before they're publicly released.

Ubuntu Security Notice USN-7088-1

Ubuntu Security Notice 7088-1 - Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

The Case Against Abandoning CrowdStrike Post-Outage

Knee-jerk reactions to major vendor outages could do more harm than good.

Vishing, Mishing Go Next-Level With FakeCall Android Malware

A new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.

Red Hat Security Advisory 2024-8534-03

Red Hat Security Advisory 2024-8534-03 - An update is now available for Red Hat Ansible Automation Platform 2.5. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.