6 matches found
Important: containerd
Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...
Google Chrome Update Disrupts Infostealer Cookie Theft
Google adds Device Bound Session Credentials (DBSC) to Chrome 146, using hardware keys to block infostealer use of stolen session cookies on Windows...
Twilio Reveals Another Breach from the Same Hackers Behind the August Hack
Communication services provider Twilio this week disclosed that it experienced another "brief security incident" in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information. The security event occurred on June 29, 2022, the...
OpenSSH 8.2 Just Works with U2F/FIDO2 Security Keys
OpenSSH is on a roll. In February, OpenSSH 8.2 introduced first-class support for FIDO2 née U2F security keys, making hardware-backed keys accessible for less than $20. This is not some complicated PAM setup, or some janky cryptographic trick, but a proper public key type, where the private key i...
Why SaaS opens the door to so many cyber threats (and how to make it safer)
Cloud services have become increasingly important to many companies' daily operations, and the rapid adoption of web apps has allowed businesses to continue operating with limited productivity hiccups, even as global coronavirus restrictions have forced much of the world to work from home. But at...
HTTPS client certificate authentication security issues. Part 1/3
Sometimes we need to improve web authentication with client certificates. It is much better than passwords, enables a second factor through hardware keys, and just sounds so strong, doesn't it? Let's look inside it to understand how secure it is and what to check to be sure that you didn't...