Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Millionaire Airbnb Phishing Ring Busted Up by Police

Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement.

DARKReading
Open in Source
#auth#ssl
GHSA-h97m-ww89-6jmq: `idna` accepts Punycode labels that do not produce any non-ASCII when decoded

`idna` 0.5.0 and earlier accepts Punycode labels that do not produce any non-ASCII output, which means that either ASCII labels or the empty root label can be masked such that they appear unequal without IDNA processing or when processed with a different implementation and equal when processed with `idna` 0.5.0 or earlier. Concretely, `example.org` and `xn--example-.org` become equal after processing by `idna` 0.5.0 or earlier. Also, `example.org.xn--` and `example.org.` become equal after processing by `idna` 0.5.0 or earlier. In applications using `idna` (but not in `idna` itself) this may be able to lead to privilege escalation when host name comparison is part of a privilege check and the behavior is combined with a client that resolves domains with such labels instead of treating them as errors that preclude DNS resolution / URL fetching and with the attacker managing to introduce a DNS entry (and TLS certificate) for an `xn--`-masked name that turns into the name of the target ...

Compromised Software Code Poses New Systemic Risk to U.S. Critical Infrastructure

New Fortress Information Security research shows 90% of software products used by critical infrastructure organizations contain code developed in China.

Confidential cluster: Running Red Hat OpenShift clusters on confidential nodes

This is the first of a series of articles in which we will share how confidential computing (a set of hardware and software technologies designed to protect data in use) can be integrated into the Red Hat OpenShift cluster. Our goal is to enhance data security, so all data processed by workloads running on OpenShift can remain confidential at every stage.In this article, we will focus on the public cloud and examine how confidential computing with OpenShift can effectively address the trust issues associated with cloud environments. Confidential computing removes some of the barriers that high

Are We on the Brink of Saying Goodbye to Passwords?

Explore the transition from passwords to a passwordless future: enhanced security, convenience, and cutting-edge innovations in biometrics and…

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

SecureG, CTIA Project Secures Business Phone Calls

BCID mitigates the risk of consumers being harmed by fraud and bad actors by vetting to deliver a trusted, branded call experience for consumers.

15 SpyLoan Apps Found on Play Store Targeting Millions

SUMMARY Cybercriminals are exploiting SpyLoan, or predatory loan apps, to target unsuspecting users globally. McAfee cybersecurity researchers report…