36 matches found
This Week in Spring – March 18th, 2025
Hi, Spring fans! I just got back from the amazing JavaOne show held in Redwood Shores. It was a fun, uproarious event and a great chance to reconnect with tons of friends, old and new. I love this community! One of the central highlights of this show? Java 24 is here, finally! And, as usual, we'v...
SUSE CVE-2022-49513
In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release method to free dbsdata The struct dbsdata embeds a struct govattrset and the struct govattrset embeds a kobject. Since every kobject must have a release method and we can't use kfree to free...
CVE-2022-49225 mt76: mt7921s: fix a possible memory leak in mt7921_load_patch
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921s: fix a possible memory leak in mt7921loadpatch Always release fw data at the end of mt7921loadpatch routine...
CVE-2022-49225
CVE-2022-49225 affects the Linux kernel component mt7921s (mt76) where a memory leak could occur in mt7921_load_patch if fw data isn’t released. The fix releases fw data at the end of the routine to prevent leak; the vulnerability manifests locally with an availability impact. Affected context re...
This Week in Spring - December 17th, 2024
This Week in Spring - December 17th, 2024 Hi, Spring fans! Welcome to another installment of a Bootiful Podcast! It's the 17th of December, 2024! And you know what means? The end of the year is nearly upon us! I can't believe it. It's been a very long year indeed, but I'm happy to get on board a...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to clear the PMU snapshot area before releasing data in RISC-V KVM, which could result in a null point...
DEBIAN-CVE-2021-47372
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use after free on rmmod platdev-dev-platformdata is released by platformdeviceunregister, use of pclk and hclk is a use-after-free. Since device unregister won't need a clk device we adjust the function call sequen...
Fulton County, Security Experts Call LockBit’s Bluff
The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton Countys listing from its victim shaming website this morning, claiming the county had...
Read The Manual Locker: A Private RaaS Provider
Read The Manual Locker: A Private RaaS Provider By Trellix · April 13, 2023 This blog was written by Max Kersten The underground intelligence was obtained byN074B07. Another day, another ransomware-as-a-service RaaS provider, or so it seems. We’ve observed the “Read The Manual” RTM Locker gang,...
RagnarLocker Ransomware Threatens to Release Confidential Information | McAfee Blogs
ARCHIVED STORY RagnarLocker Ransomware Threatens to Release Confidential Information Alexandre Mundo · JUN 09, 2020 EXECUTIVE SUMMARY The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a campaign against compromised networks targeted by its operators. Th...
Information operations on Twitter: new data released on election tampering
Back in April, we talked about the wealth of options available to Russian hackers and others launching social engineering campaigns, whether on social networks or through clever attacks launched via Advanced Persistent Threats. Some of that was information published by Twitter at the time in...
Spring data rest 远程代码执行(cve-2017-8046)
漏洞描述 漏洞描述 Spring Data Rest 在处理 PATCH 请求时存在RCE高危漏洞, 可以使用手工构造的JSON数据构造恶意PATCH请求提交至spring-data-rest服务器,使得服务器运行恶意JAVA代码。Spring Data Rest项目的目标是提供一种灵活的、可配置的机制,编写出可以对外暴露出HTTP协议的简单服务。 Git地址: https://github.com/spring-projects/spring-data-rest 漏洞来源: https://pivotal.io/security/cve-2017-8046 影响版本: Spring...
HBGary Federal One Year Later !
HBGary Federal One Year Later ! Doug Vitale sharing and interesting read with our Readers from his Blog About HBGary Federal. In February 2011, the loosely knit collective of hacktivists known as Anonymous successfully compromised the corporate network of HBGary Federal HBG Fed, a company that...
Gary McGraw on the BSIMM3 Data Release
Dennis Fisher talks with Gary McGraw of Cigital about the release of the data collected during the BSIMM 3 software security measurement project, the most pressing challenges facing companies involved in software security programs and the reasons that the US government is falling farther behind o...
Anonymous hacks Defense contractor ManTech for #Antisec
Anonymous hacks Defense contractor ManTech for Antisec In a tweet posted by Anonymous claimed to have hack the defense contractor, ManTech International. Hackers promise to Release the Data within 24 Hours. This is the latest hack in the group's AntiSec Operation, and in particular its series of...
Anonymous launches Anonleaks.ru to expose HBGary 27,000 Emails, Data available soon !
Anonymous launches Anonleaks.ru to expose HBGary 50000 Emails, data available soon ! Anonymous plans to release 27,000 emails from the server of Greg Hoglund, chief executive of the software security firm HBGary. It has posted 50,000 emails of Aaron Barr from the CEO of its sister organization, H...