14 matches found
Photo booth flaw exposes people’s private pictures online
Photo booths are great. You press a button and get instant results. The same can’t be said, allegedly, for the security practices of at least one company operating them. A security researcher spent weeks trying to warn a photo booth operator about a vulnerability in its system. The flaw reportedl...
I’m done preparing the slides for my talk about Vulristics at PHDays
I'm done preparing the slides for my talk about Vulristics at PHDays. I'll be speaking on the last day of the festival - Saturday, May 24, at 16:00 in Popov Hall 25. If you're there at that time, I'd be glad to see you. If not - join online! I'll have an hour to dive into Vulristics, vulnerabili...
CVE-2024-36466
creationtimestamp | type | source
---|---|---
2024-11-28 07:27:58+00:00 | seen | https://infosec.exchange/users/cve/statuses/113559396561098054
2024-12-02 19:00:06+00:00 | seen | https://t.me/truesecator/6498
2024-12-04 05:44:04+00:00 | seen | ...
Kaspersky Security Bulletin 2023. Statistics
All statistics in this report come from the Kaspersky Security Network (KSN) global cloud service, which receives information from components in our security solutions. The data was obtained from users who had given their consent to it being sent to KSN. Millions of Kaspersky users around the globe...
Debian DSA-5382-1 : cairosvg - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5382 advisory. It was reported that cairosvg, an SVG converter based on Cairo, can send requests to external hosts when processing specially crafted SVG files with external file resource...
CVE-2023-27586
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...
WhatsApp Launches a Proxy Tool to Fight Internet Censorship
Amid internet shutdowns in Iran, the encrypted messaging app is introducing proxy connections that can help people get online...
IRS To Ditch Biometric Requirement for Online Access
The Internal Revenue Service (IRS) said today it will be transitioning away from requiring biometric data from taxpayers who wish to access their records at the agency's website. The reversal comes as privacy experts and lawmakers have been pushing the IRS and other federal agencies to find less...
IRS Will Soon Require Selfies for Online Access
If you created an online account to manage your tax records with the U.S. Internal Revenue Service (IRS), those login credentials will cease to work later this year. The agency says that by the summer of 2022, the only way to log in to irs.gov will be through ID.me, an online identity verification...
Kubebox - Terminal And Web Console For Kubernetes
Terminal and Web console for Kubernetes. Features: configuration from kubeconfig files (KUBECONFIG environment variable or $HOME/.kube); switch contexts interactively; authentication support (bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digit...
openssl: bn_sqrx8x_internal carry bug on x86_64
There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...
IT threat evolution Q3 2017. Statistics
Q3 figures. According to KSN data, Kaspersky Lab solutions detected and repelled 277,646,376 malicious attacks from online resources located in 185 countries all over the world. 72,012,219 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that ai...
Shopify: Privilege Escalation - A `MEMBER` with no ACCESS to `ORDERS` can still access the orders by using `Order Printer APP`
This researcher pointed out that Shopify's app ecosystem has no built-in way of verifying who is using an app, and therefore most apps do not verify user privileges when requesting and displaying a store's data. To resolve this issue we implemented an "online access" mode in which an app can...
DSA-1559-1 phpgedview - cross site scripting
Bulletin has no description...