112 matches found
Malicious Package
Overview Version 1.0.1 of jquerz contains malicious code as a preinstall script. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When installed, the package downloads a file from a remote server, executes it and opens a...
Artificial Intelligence May Not 'Hallucinate' After All
What makes an algorithm mistake a helicopter for a gun? Researchers think the answer has to do more with man than machine...
HackerOne: Inline banner on Report page discloses whether organization runs a private program
Summary: Hi team , @jobert Description: Your engineers have created inscription - You are participating in a private program for ████████. Please do not publicly discuss the program until the program goes public. When a hacker creates a report in an external program with a private page, we will s...
Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer
Of course the ESS ExpressVote voting computer will have lots of security vulnerabilities. It's a computer, and computers have lots of vulnerabilities. This particular vulnerability is particularly interesting because it's the result of a security mistake in the design process. Someone didn't thin...
Malicious Typo-Squatting
shadowsock is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables...
Malicious Typo-Squatting
crossenv is a malicious typo-squatting package. The package uses a similar name to the original library so that developers may mistake it for the real one but have malicious actions under the hood such as stealing environment variables...
Germany’s Deutsche Bank transfers €28 billion to an account by mistake
By Carolina A couple of years ago, a massive bank heist was This is a post from HackRead.com Read the original post: Germany's Deutsche Bank transfers €28 billion to an account by mistake...
await vs return vs return await
When writing async functions, there are differences between await vs return vs return await, and picking the right one is important. Let's start with this async function: async function waitAndMaybeReject // Wait one second await new Promiser = setTimeoutr, 1000; // Toss a coin const isHeads =...
CVE-2017-2414
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "DataAccess" component. It allows remote attackers to access Exchange traffic in opportunistic circumstances by leveraging a mistake in typing an e-mail address...
cURL: Certificate validation error
Background cURL is a tool and libcurl is a library for transferring data with URL syntax. Description cURL and applications linked against libcurl support “OCSP stapling”, also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling cURL to use...
GLSA-201703-04 : cURL: Certificate validation error
The remote host is affected by the vulnerability described in GLSA-201703-04 cURL: Certificate validation error cURL and applications linked against libcurl support OCSP stapling, also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling cURL...
FreeBSD : cURL -- ocsp status validation error (311e4b1c-f8ee-11e6-9940-b499baebfeaf)
The cURL project reports : SSLVERIFYSTATUS ignored curl and libcurl support 'OCSP stapling', also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server...
CURL-CVE-2017-2629 SSL_VERIFYSTATUS ignored
curl and libcurl support "OCSP stapling", also known as the TLS Certificate Status Request extension using the CURLOPTSSLVERIFYSTATUS option. When telling curl to use this feature, it uses that TLS extension to ask for a fresh proof of the server's certificate's validity. If the server does not...
Nextcloud: bug reporting template encourages users to paste config file with passwords
The dangerous bug reporting template ============================= The github bug reporting template for nextcloud's server and some apps contains this: The content of config/config.php: If you have access to your command line run e.g.: sudo -u www-data php occ config:list system from within your...
FreeBSD : FreeBSD -- Resource exhaustion in TCP reassembly (0cb9d5bb-600a-11e6-a6c3-14dae9d210b8)
There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs...
FBI Admits — It was a 'Mistake' to Reset Terrorist's iCloud Password
Yes, FBI Director James Comey admitted that the investigators made a "mistake" with the San Bernardino investigation during a congressional hearing held by the House Judiciary Committee. Apple is facing a court order to help the FBI unlock an iPhone belonged to San Bernardino Shooter by developin...
Google rewarded the Guy who Accidentally bought Google.com, But he Donated it to Charity
Sanmay Ved – the man who actually managed to buy Google.com got a huge reward from Google, but he donated all money to charity. Last week, an ex-Google employee and now-Amazon employee managed to buy the world's most-visited domain Google.com via Google's own Domains service for only $12. However...
Key Flaw Enables Recovery of Files Encrypted by TorrentLocker
Crypto ransomware, a relatively unknown phenomenon a couple of years ago, has exploded into one of the nastier malware problems for Internet users. Variants such as CryptoLocker and CryptoWall have been siphoning money from victims for some time, and now researchers have dissected a newer variant...
samba: pam_winbind fails open when non-existent group specified to require_membership_of
The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
CVE-2012-6150
The winbindnamelisttosidstringlist function in nsswitch/pamwinbind.c in Samba through 4.1.2 handles invalid requiremembershipof group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...