Hoax Email Blast Abused Poor Coding in FBI Website
The Federal Bureau of Investigation (FBI) confirmed today that its fbi.gov domain name and Internet address were used to blast out thousands of fake emails about a cybercrime investigation. According to an interview with the person who claimed responsibility for the hoax, the spam messages were sen...
Side-channels Related to the x86 PREFETCH Instruction
Bulletin ID: AMD-SB-1017. Potential Impact: Leaked kernel address space information. Severity: Medium. Summary: Researchers from Graz University of Technology with CISPA Helmholtz Center for Information Security have demonstrated timing and power-based side channel attacks leveraging the x86 PREFETCH...
Poorly Configured Apache Airflow Instances Leak Credentials for Popular Services
Cybersecurity researchers on Monday discovered misconfigurations across older versions of Apache Airflow instances belonging to a number of high-profile companies across various sectors, resulting in the exposure of sensitive credentials for popular platforms and services such as Amazon Web...
Incentivizing Developers is the Key to Better Security Practices
Professional developers want to embrace DevSecOps and write secure code, but their organizations need to support this sea change if they want that effort to grow. The cyber threat landscape is becoming more complex by the day. Attackers are constantly scanning networks for vulnerable applications,...
Modernize Code Quality with ‘Quick Fixes’
Delivering functional code that is reliable, safe, and on schedule is a high priority for most development teams. And you’ll agree that the earlier in your workflow you address quality and security issues, the better and cheaper. Today, I’d like to give you a quick tour of how you can maximize...
OESA-2021-1347 jasper security update
The JasPer Project is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 standard. Security Fixes: A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in...
PT-2021-6963 · Microsoft · Hevc Video Extensions
Name of the Vulnerable Software and Affected Versions: HEVC Video Extensions (affected versions not specified). Description: The issue is related to incorrect code generation management in the HEVC Video Extension codec. Exploitation of this issue may allow an attacker to execute arbitrary code...
CVE-2021-38188
The CVE-2021-38188 issue concerns the iced-x86 crate (Rust) up to version 1.10.3. The root cause is unsafe use of slice.get_unchecked(slice.length()) in Decoder::new(), which can lead to undefined behavior and potential security impact as described by multiple advisories. Public details consisten...
Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? | McAfee Blogs
Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems? Thibault Seret · JUL 28, 2021. Co-written with Northwave’s Noël Keijzer. Executive Summary: For a long time, ransomware gangs were mostly focused on Microsoft Windows operating systems. Yes, we observed the...
Virtuozzo Hybrid Infrastructure 4.6 Update 1
This update provides new features, as well as bug fixes and improvements. Vulnerability id: VSTOR-45315: The MDS service may be unstable under a high load condition. Vulnerability id: VSTOR-43126: A deadlock is possible between atomic and non-atomic commands in the iSCSI kernel module. Vulnerabilit...
Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
News of a zero-click zero-day in Apple’s iMessage feature being incorporated into the notorious Pegasus mobile spyware from NSO Group has drawn a variety of reactions from the security community, including concerns about the security of Apple’s closed ecosystem, and varying views on NSO Group’s...
CVE-2021-27845
A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpcenc.c...
Design/Logic Flaw
A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpcenc.c...
CVE-2021-27845
CVE-2021-27845 is tied to a divide-by-zero in JasPer Image Coding Toolkit 2.0, specifically in jasper/src/libjasper/jpc/jpc_enc.c. Connected advisories indicate the issue affects Jasper/Jpc enc pathways and is being fixed in newer jasper releases (e.g., openSUSE/SUSE advisories reference a fix in...
Common WordPress Vulnerabilities and Prevention Through Secure Coding Best Practices
WordPress has experienced exponential growth in the past several years and now holds over 42% of the CMS market share for all major sites. There are over 50,000 plugins available to download in the WordPress repository. That does not include the thousands of premium or open source plugins availab...
Microsoft Windows Codecs Library Code Injection Vulnerability
Microsoft HEVC Video Extensions is a video extension application from Microsoft Corporation (USA). The application enables computers and devices to read High Efficiency Video Coding (HEVC) video. A remote code execution vulnerability exists in Microsoft HEVC Video Extensions. An attacker could...
distributeStrategyGainLoss can be abused
Handle: gpersoon. Vulnerability details. Impact: The function distributeStrategyGainLoss does the following check to allow access to the function: requireindex 0 || index = NCOINS + 1, "!VaultAdaptor"; However, the expression index 0 || index = NCOINS + 1 is always TRUE, because the OR (||) is used shou...