CVE-2024-46984 XML External Entity Reference (XXE) vulnerability can lead to a Server Side Request Forgery attack in gematik app-referencevalidator
The reference validator is a tool to perform advanced validation of FHIR resources for TI applications and interoperability standards. The profile location routine in the referencevalidator commons package is vulnerable to an XML External Entity (XXE) attack due to insecure defaults in the underlying Woodstox...
GSMA Plans End-to-End Encryption for Cross-Platform RCS Messaging
The GSM Association (GSMA), the governing body that oversees the development of the Rich Communications Services (RCS) protocol, on Tuesday said it's working towards implementing end-to-end encryption (E2EE) to secure messages sent between the Android and iOS ecosystems. "The next major milestone is f...
CVE-2024-45294
A flaw was found in HAPI FHIR - HL7 FHIR Core Artifacts. eXtensible Stylesheet Language Transformations (XSLT) transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host...
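The two XXE advisories above (the Woodstox-backed profile loader and the HAPI FHIR XSLT transforms) describe the same bug class: a parser with permissive defaults resolves an external entity declared in an attacker-supplied DTD, so local file contents end up in the parsed document (and, for http:// system IDs, the parser makes the server-side request). The following is an added example, not code from either project, and it uses Python's expat binding rather than the Java stack those projects run on. It shows a resolving parser leaking a file and a hardened parser refusing the same input. The file name, the payload and the SECRET-TOKEN-123 content are constructed for the demo.

```python
import os
import tempfile
import xml.parsers.expat
from urllib.parse import urlparse
from urllib.request import url2pathname


class UnsafeXmlError(ValueError):
    """Raised when untrusted XML tries to declare a DTD or pull in an external entity."""


def _collect_text(parser):
    """Attach handlers that gather each element's character data into {tag: text}."""
    out, stack = {}, []

    def start(name, attrs):
        stack.append(name)
        out.setdefault(name, "")

    def end(name):
        stack.pop()

    def chars(data):
        if stack:
            out[stack[-1]] += data

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    return out


def parse_resolving_external_entities(data: bytes) -> dict:
    """INSECURE: resolves external general entities the way a parser with
    permissive defaults does. Only file:// is fetched here; a resolver that
    also fetches http:// URIs is the SSRF variant the advisories describe."""
    parser = xml.parsers.expat.ParserCreate()
    out = _collect_text(parser)

    def resolve(context, base, system_id, public_id):
        path = url2pathname(urlparse(system_id).path)
        with open(path, "rb") as fh:
            body = fh.read()
        # The child parser inherits the handlers, so the fetched bytes land in `out`
        # as character data of the element that referenced the entity.
        child = parser.ExternalEntityParserCreate(context)
        child.Parse(body, True)
        return 1

    parser.ExternalEntityRefHandler = resolve
    parser.Parse(data, True)
    return out


def parse_untrusted_xml(data: bytes) -> dict:
    """Hardened: a DOCTYPE is rejected outright, so no entity (internal or
    external) can be declared; parameter-entity and external-entity expansion
    are disabled as well in case a DTD ever slips through."""
    parser = xml.parsers.expat.ParserCreate()
    out = _collect_text(parser)

    def reject_doctype(name, system_id, public_id, has_internal_subset):
        raise UnsafeXmlError(f"DOCTYPE {name!r} is not allowed in untrusted input")

    def refuse_external(context, base, system_id, public_id):
        raise UnsafeXmlError(f"external entity {system_id!r} refused")

    parser.StartDoctypeDeclHandler = reject_doctype
    parser.ExternalEntityRefHandler = refuse_external
    parser.SetParamEntityParsing(xml.parsers.expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.Parse(data, True)
    return out


def demo() -> tuple:
    """Constructed demo: a temporary file stands in for a sensitive host file."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("SECRET-TOKEN-123")
        secret_path = fh.name
    try:
        # Constructed XXE payload of the classic shape: declare an external entity
        # in the internal DTD subset and reference it from element content.
        payload = (
            f'<!DOCTYPE r [<!ENTITY ext SYSTEM "file://{secret_path}">]>'
            "<r><data>&ext;</data></r>"
        ).encode()
        leaked = parse_resolving_external_entities(payload)["data"]
        try:
            parse_untrusted_xml(payload)
            blocked = False
        except UnsafeXmlError:
            blocked = True
        return leaked, blocked
    finally:
        os.unlink(secret_path)


if __name__ == "__main__":
    print(demo())  # ('SECRET-TOKEN-123', True)
```

Rejecting the DOCTYPE is the simplest effective control, because every XXE payload needs one to declare the entity. On the Java side the equivalent settings are XMLInputFactory.SUPPORT_DTD and XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES set to false for StAX parsers such as Woodstox, and for XSLT the JAXP attributes XMLConstants.ACCESS_EXTERNAL_DTD and XMLConstants.ACCESS_EXTERNAL_STYLESHEET set to the empty string on the TransformerFactory.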
Let’s All Agree to Use Seeds as ML-KEM Keys
Last week, NIST published the final version of the ML-KEM specification, FIPS 203. One change from the draft is that the final document explicitly allows storing the private decapsulation key as a seed. This is a plea to the cryptography engineering community: let's all agree to only use seeds a...
Data Wallets Using the Solid Protocol
I am the Chief of Security Architecture at Inrupt, Inc., the company that is commercializing Tim Berners-Lee's Solid open W3C standard for distributed data ownership. This week, we announced a digital wallet based on the Solid architecture. Details are here, but basically a digital wallet is a...
What is the Fediverse and the Social Network Platforms It Powers
Discover the Fediverse, a decentralized social media network promoting interoperability, privacy, and customization. Explore its pros, cons, platforms like Mastodon and PeerTube, and the role of decentralization. A game-changer in online communication and community-building...
Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary: By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all encrypt-then-MAC (etm) HMACs from the default set of algorithms...
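Whether a given SSH session is exposed to Terrapin depends on which cipher and MAC the two KEXINIT name-lists negotiate, which is why the bulletin's mitigation is to drop chacha20-poly1305 and the -etm MACs from the server's defaults. The following added example (not IBM's or OpenSSH's code) implements the RFC 4253 negotiation rule and classifies the result, then runs it over constructed name-lists: an unpatched server, a server mitigated as the bulletin describes, and a pair that instead advertises OpenSSH's strict-kex extension (kex-strict-c-v00@openssh.com / kex-strict-s-v00@openssh.com, which the page does not mention but current OpenSSH uses). The example assumes each peer offers the same lists in both directions.

```python
from dataclasses import dataclass

# Names as they appear on the wire in SSH_MSG_KEXINIT name-lists.
CHACHA20_POLY1305 = "chacha20-poly1305@openssh.com"
ETM_SUFFIX = "-etm@openssh.com"
# OpenSSH's "strict kex" countermeasure (assumed here as the patched-peer signal):
# each side advertises it in its kex name-list.
STRICT_KEX_CLIENT = "kex-strict-c-v00@openssh.com"
STRICT_KEX_SERVER = "kex-strict-s-v00@openssh.com"


@dataclass
class KexInit:
    """The parts of one side's SSH_MSG_KEXINIT that matter here. A real KEXINIT
    carries separate cipher/MAC lists per direction; this example assumes a peer
    offers the same lists both ways."""
    kex: list
    ciphers: list
    macs: list


def negotiate(client_prefs: list, server_prefs: list):
    """RFC 4253 section 7.1: the chosen algorithm is the first entry in the
    client's name-list that the server also lists (client order wins)."""
    for alg in client_prefs:
        if alg in server_prefs:
            return alg
    return None


def terrapin_exposure(client: KexInit, server: KexInit) -> dict:
    """Classify the negotiated session. Exploitable configurations are the
    chacha20-poly1305 AEAD cipher, or any CBC cipher paired with an
    encrypt-then-MAC (-etm) MAC; strict kex on both sides closes the gap."""
    cipher = negotiate(client.ciphers, server.ciphers)
    mac = negotiate(client.macs, server.macs)
    strict = STRICT_KEX_CLIENT in client.kex and STRICT_KEX_SERVER in server.kex
    if cipher == CHACHA20_POLY1305:
        reason = CHACHA20_POLY1305  # AEAD: the MAC list is irrelevant
    elif cipher and "-cbc" in cipher and mac and mac.endswith(ETM_SUFFIX):
        reason = f"{cipher} with {mac}"
    else:
        reason = None
    return {
        "cipher": cipher,
        "mac": mac,
        "strict_kex": strict,
        "vulnerable": reason is not None and not strict,
        "reason": reason,
    }


def sample_peers() -> dict:
    """Constructed sample name-lists (not captured from a real host)."""
    client = KexInit(
        kex=["curve25519-sha256"],
        ciphers=[CHACHA20_POLY1305, "aes128-ctr", "aes128-cbc"],
        macs=["hmac-sha2-256-etm@openssh.com", "hmac-sha2-256"],
    )
    unpatched = KexInit(kex=list(client.kex), ciphers=list(client.ciphers),
                        macs=list(client.macs))
    # The mitigation the bulletin describes: drop chacha20-poly1305 and every
    # -etm MAC from the server's default set.
    mitigated = KexInit(
        kex=["curve25519-sha256"],
        ciphers=["aes256-gcm@openssh.com", "aes128-ctr"],
        macs=["hmac-sha2-256"],
    )
    # Alternative: keep the algorithms, but both sides support strict kex.
    strict_client = KexInit(kex=client.kex + [STRICT_KEX_CLIENT],
                            ciphers=client.ciphers, macs=client.macs)
    strict_server = KexInit(kex=unpatched.kex + [STRICT_KEX_SERVER],
                            ciphers=unpatched.ciphers, macs=unpatched.macs)
    return {
        "unpatched": terrapin_exposure(client, unpatched),
        "mitigated": terrapin_exposure(client, mitigated),
        "strict_kex": terrapin_exposure(strict_client, strict_server),
    }


if __name__ == "__main__":
    for name, result in sample_peers().items():
        print(name, result)
```

Note that the mitigated server still lists aes256-gcm@openssh.com first, yet the session lands on aes128-ctr: the client's preference order decides, so a server-side fix only works if it removes the exploitable algorithms entirely rather than reordering them.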
Update 24.1 for Microsoft Dynamics 365 Business Central 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487)
Update 24.1 for Microsoft Dynamics 365 Business Central 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487). Overview: This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For more information,...
Entangle Launches Mainnet Leveraging Omnichain Interoperability
By Uzair Amir Dubai, UAE, May 16, 2024 - Entangle, an interoperable data infrastructure layer, announces the successful launch of its… This is a post from HackRead.com Read the original post: Entangle Launches Mainnet Leveraging Omnichain Interoperability...
(Cyber) Risk = Probability of Occurrence x Damage
Here's How to Enhance Your Cyber Resilience with CVSS. In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest version introduces additional...
New Lawsuit Attempting to Make Adversarial Interoperability Legal
Lots of complicated details here: too many for me to summarize well. It involves an obscure Section 230 provision, and an even more obscure typo. Read this...
CVE-2024-32644
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...
U.S. Justice Department Sues Apple Over Monopoly and Messaging Security
The U.S. Department of Justice (DoJ), along with 16 other state and district attorneys general, on Thursday accused Apple of illegally maintaining a monopoly over smartphones, thereby undermining, among other things, the security and privacy of users when messaging non-iPhone users. "Apple wraps...
CVE-2023-41334
CVE-2023-41334 affects Astropy core package version 5.3.2, with remote code execution due to improper input validation in TransformGraph().to_dot_graph. A crafted savelayout value can be injected into subprocess.Popen, causing the malicious command to execute despite an error. The issue is fixed i...
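The snippet above describes a command-injection pattern: a caller-controlled program name is handed to subprocess with a shell in the loop, so metacharacters in the value become additional commands. The following added example is an illustration of that bug class, not astropy's own code or its fix. It places a deliberately vulnerable shell-string version next to a hardened one that validates the value against an allowlist of Graphviz layout engines (the allowlist and the `run_layout_*` names are assumptions for this illustration) and passes an argv list with no shell. The crafted value uses a harmless `echo` so the demo runs offline without Graphviz installed.

```python
import subprocess

# Graphviz layout engines that are legitimate values for a savelayout-style
# parameter (assumed allowlist for this illustration, not astropy's own list).
LAYOUT_PROGRAMS = frozenset({"dot", "neato", "fdp", "sfdp", "twopi", "circo"})

DOT_SOURCE = "digraph g { a -> b; }"  # constructed sample graph


def run_layout_vulnerable(savelayout: str, dot_source: str = DOT_SOURCE) -> str:
    """VULNERABLE (illustration only): the caller-supplied program name is
    spliced into a shell command line, so shell metacharacters in `savelayout`
    become extra commands that run before any later error is raised."""
    proc = subprocess.run(
        f"{savelayout} -Tplain",
        shell=True,
        input=dot_source,
        capture_output=True,
        text=True,
    )
    return proc.stdout


def build_layout_argv(savelayout: str) -> list:
    """Hardened: validate against the allowlist, then build an argv list. With
    shell=False the value can only ever be argv[0], never a command line."""
    if savelayout not in LAYOUT_PROGRAMS:
        raise ValueError(f"unsupported layout program {savelayout!r}")
    return [savelayout, "-Tplain"]


def run_layout_hardened(savelayout: str, dot_source: str = DOT_SOURCE) -> str:
    """Hardened runner; requires the chosen Graphviz engine to be installed."""
    argv = build_layout_argv(savelayout)  # raises before anything executes
    proc = subprocess.run(argv, input=dot_source, capture_output=True, text=True)
    return proc.stdout


def demo() -> tuple:
    """Constructed crafted value: a harmless `echo` stands in for the attacker's
    command; the trailing `#` comments out the rest of the shell command line."""
    crafted = "echo INJECTED #"
    injected_output = run_layout_vulnerable(crafted).strip()
    try:
        build_layout_argv(crafted)
        rejected = False
    except ValueError:
        rejected = True
    return injected_output, rejected


if __name__ == "__main__":
    print(demo())  # ('INJECTED', True)
```

The allowlist is the important half: dropping shell=True alone stops metacharacter injection but still lets a caller name an arbitrary executable, which is why the hardened path rejects anything that is not a known layout engine before subprocess is reached.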
Meta Details WhatsApp and Messenger Interoperability to Comply with EU's DMA Regulations
Meta has offered details on how it intends to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) went into effect in the European Union. "This allows users of third-party providers who choose to enable interoperability (interop) t...
[SECURITY] Fedora 40 Update: aopalliance-1.0-39.fc40
Aspect-Oriented Programming (AOP) offers a better solution to many problems than do existing technologies, such as EJB. AOP Alliance intends to facilitate and standardize the use of AOP to enhance existing middleware environments such as J2EE, or development environments (e.g. Eclipse). The AOP...
Cesanta MJS Denial of Service Vulnerability (CNVD-2024-34384)
Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland, designed for microcontrollers with limited resources. The main design goals were a small footprint and simple C/C++ interoperability. Cesanta MJS has a denial of service vulnerability that can be exploited by an attacker...
[SECURITY] Fedora 38 Update: samba-4.18.9-1.fc38
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
[SECURITY] Fedora 39 Update: samba-4.19.2-1.fc39
Samba is the standard Windows interoperability suite of programs for Linux and Unix...