172 matches found
Improper Restriction Of Power Consumption
github.com/cosmwasm/wasmvm is vulnerable to Improper Restriction of Power Consumption. The vulnerability is due to inaccurate gas benchmarks, allowing malicious contracts to consume up to 10 times the expected execution time, which can temporarily DoS a chain...
RUSTSEC-2024-0361 CWA-2024-004: Gas mispricing in cosmwasm-vm
Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...
CWA-2024-004: Gas mispricing in cosmwasm-vm
Some Wasm operations take significantly more gas than our benchmarks indicated. This can lead to missing the gas target we defined by a factor of 10x. This means a malicious contract could take 10 times as much time to execute as expected, which can be used to temporarily DoS a chain. For more...
Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts
2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of...
Fedora: Security Advisory for rust-resctl-bench (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: rust-resctl-bench-2.2.5-3.fc40
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...
bosonic-qiskit (>=0.0.0 <=12.2.6), iqm-benchmarks (>=1.3.0 <=1.6.0) +5 more potentially affected by CVE-2024-29032 via qiskit-ibm-runtime (=0.20.0)
qiskit-ibm-runtime PYPI version =0.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on qiskit-ibm-runtime and may be impacted: - bosonic-qiskit =0.0.0, =1.3.0, =0.35.1, =0.3.0, =0.14.0, =0.1.6, =0.1.10 Source cves: CVE-2024-29032 Source advisory:...
Malicious code in build-benchmarks (npm)
Source: ossf-package-analysis 9051e586242e7f4cb76bca3b533a915678a64eb52f0b8812e1a1d1f35e358fd5 The OpenSSF Package Analysis project identified 'build-benchmarks' @ 15.2.4 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1051 Malicious code in build-benchmarks (npm)
Source: ossf-package-analysis 9051e586242e7f4cb76bca3b533a915678a64eb52f0b8812e1a1d1f35e358fd5 The OpenSSF Package Analysis project identified 'build-benchmarks' @ 15.2.4 npm as malicious. It is considered malicious because: - The package...
Wiz extends vulnerability scanning support to MacOS instances
Wiz customers can now detect vulnerabilities in MacOS workloads and their software components with agentless scanning, and assess their secure configurations against built-in CIS Benchmarks for Apple MacOS...
Meta’s Purple Llama wants to test safety risks in AI models
Meta has announced Purple Llama, a project that aims to "bring together tools and evaluations to help the community build responsibly with open generative AI models." Generative Artificial Intelligence (AI) models have been around for years and their main function, compared to older AI models, is th...
MAL-2023-8453 Malicious code in classnames-benchmarks (npm)
Source: ghsa-malware 04617c1a9f99b39025630b22b77e5338cd0a07452a2ba6384557f2308b4379e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in classnames-benchmarks (npm)
Source: ghsa-malware 04617c1a9f99b39025630b22b77e5338cd0a07452a2ba6384557f2308b4379e0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Docker and Kubernetes, we have got you covered: Wiz simplifies compliance and security posture management for Docker and Kubernetes environments.
Ensure that your Docker and Kubernetes environments are secure and compliant with CIS benchmarks. Generate reports quickly and easily and remediate any issues with actionable insights...
[SECURITY] Fedora 37 Update: python-starlette-0.20.4-3.fc37
Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: - A lightweight, low-complexity HTTP web framework. - WebSocket support...
Casting a Light on Shadow IT in Cloud Environments
What is Shadow IT? The term “Shadow IT” refers to the use of systems, devices, software, applications, and services without explicit IT approval. This typically occurs when employees adopt consumer products to increase productivity or just make their lives easier. This type of Shadow IT can be...
Wiz: First agentless cloud security vendor to attain CIS SecureSuite Vendor Certification for cloud-managed Kubernetes
Confidently ensure your Kubernetes environments are compliant with CIS Benchmarks for cloud-managed Kubernetes. Quickly generate compliance reports and remediate any issues without hassle...
Risk Fact #5: Infrastructure Misconfigurations Open the Door to Ransomware
Qualys Blog Series – Threat Research Unit Report. In this last blog of our series describing the top Risk Facts discovered in the 2023 Qualys TruRisk Research Report, we go under the hood to better understand Risk Fact 5: Infrastructure misconfigurations open the door to ransomware. Misconfiguratio...
[SECURITY] Fedora 36 Update: rust-resctl-bench-2.1.2-8.fc36
resctl-bench is a collection of whole-system benchmarks to evaluate resource control and hardware behaviors using realistic simulated workloads. Comprehensive resource control involves the whole system. Furthermore, testing resource control end-to-end requires scenarios involving realistic...
MAL-2022-4485 Malicious code in marketplace-benchmarks (npm)
Source: ghsa-malware b007173bde965cf168de7c0496ea3a257c989e5ee2c9d5bd6eb1806324eb62b8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...