3370 matches found
Managing Cyber Risk for Under-Pressure CISOs
Overworked CISOs are struggling to deliver the cybersecurity results their organizations expect. Fortunately, there are concrete and practical ways they can make their lives easier—while managing cyber risk effectively...
PT-2024-40642 · Oracle · Java.Base
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A security exception crash was reported, involving the com.github.javaparser.GeneratedJavaParser.Expression class and methods within...
Login form doesn't get disabled when option is disabled from authentication methods
Issue Summary: When we remove the option to authenticate with username and password from the login form we could still use basic authentication to log in. This is reproducible on Data Center: Yes. Steps to Reproduce: Step-1. Remove the option to authenticate with username and password from th...
New Leak Shows Business Side of China’s APT Menace
A new data leak that appears to have come from one of China’s top private cybersecurity firms provides a rare glimpse into the commercial side of China’s many state-sponsored hacking groups. Experts say the leak illustrates how Chinese government agencies increasingly are contracting out foreign...
SUSE: Security Advisory (SUSE-SU-2024:0558-1)
The remote host is missing an update for the...
SUSE-SU-2024:0558-1 Security update for libssh2_org
This update for libssh2_org fixes the following issues: - Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com' when configuring custom method list (bsc#1218971, CVE-2023-48795). The strict-kex extension is announced in the list of available KEX methods. However, when the...
CVE-2024-21722 [20240201] - Core - Insufficient session expiration in MFA management views
The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified...
SUSE-SU-2024:0543-1 Security update for libssh2_org
This update for libssh2_org fixes the following issues: - Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com' when configuring custom method list (bsc#1218971, CVE-2023-48795). The strict-kex extension is announced in the list of available KEX methods. However, when the...
Raccoon Infostealer operator extradited to the United States
A Ukrainian national, Mark Sokolovsky, has been indicted for crimes related to fraud, money laundering and aggravated identity theft and extradited to the United States from the Netherlands, the US Attorney’s Office of the Western District of Texas has announced. In March 2022, around the same ti...
Water Hydra Exploits CVE-2024-21412 to Target Financial Traders
Summary: Water Hydra exploited CVE-2024-21412 to bypass Microsoft Defender SmartScreen, targeting financial traders with DarkMe malware through sophisticated spearphishing tactics. This underscores the persistent threat of APT groups and highlights the challenge of defending against evolving atta...
A vulnerability in the `src/libgit2/revparse.c` component of libgit2, the C-language implementation of the Git methods, allows an attacker to cause a service failure.
The vulnerability in the `src/libgit2/revparse.c` component, which implements Git methods in the C language, is related to uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
[SECURITY] Fedora 38 Update: libgit2-1.6.5-1.fc38
libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...
Type confusion
To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...
CVE-2023-6516 Specific recursive query patterns may lead to an out-of-memory condition
To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...
CVE-2023-6516
To keep its cache database efficient, named running as a recursive resolver occasionally attempts to clean up the database. It uses several methods, including some that are asynchronous: a small chunk of memory pointing to the cache element that can be cleaned up is first allocated and then queue...
CVE-2024-23756
The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...
CVE-2024-23756
The CVE-2024-23756 issue affects Plone official Docker version 5.2.13 (5221) where HTTP PUT and DELETE methods are enabled, allowing unauthenticated attackers to upload or delete files on the server. Descriptions across multiple sources corroborate that the vulnerability enables dangerous actions...