CVE-2022-23649 Improper Certificate Validation in Cosign
Cosign provides container signing, verification, and storage in an OCI registry for the sigstore project. Prior to version 1.5.2, Cosign can be manipulated to claim that an entry for a signature exists in the Rekor transparency log even if it doesn't. This requires the attacker to have pull and...
Vendors are Fixing Security Flaws Faster
Google's Project Zero is reporting that software vendors are patching their code faster. tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the...
Security Bulletin: Vulnerability in Apache Log4j affects IBM Spectrum Scale (CVE-2021-4104)
Summary A vulnerability in Apache Log4j could allow an attacker to execute arbitrary code on the system. This vulnerability may affect IBM Spectrum Scale due to its use of Log4j for logging. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could allow a remote attacker to...
How to Read Your iOS 15 App Privacy Report
Your iPhone now gives you lots of transparency into what your downloads are up to. Here's what to look out for...
[SECURITY] Fedora 34 Update: chafa-1.2.1-6.fc34
Chafa is a command-line utility that converts all kinds of images, including animated image formats like GIFs, into ANSI/Unicode character output that can be displayed in a terminal. It is highly configurable, with support for alpha transparency and multiple color modes and color spaces, combinin...
[SECURITY] Fedora 35 Update: chafa-1.2.1-6.fc35
Chafa is a command-line utility that converts all kinds of images, including animated image formats like GIFs, into ANSI/Unicode character output that can be displayed in a terminal. It is highly configurable, with support for alpha transparency and multiple color modes and color spaces, combinin...
Robinhood Trading Platform Data Breach Hits 7M Customers
Investor trading app company Robinhood Markets has confirmed a data breach that affects the personal information of about 7 million customers – roughly a third of its user base. A cyberattacker made off with emails and more, which could lead to follow-on attacks for Robinhood customers. The tradi...
Product Overview - Cynet Centralized Log Management
For most organizations today, the logs produced by their security tools and environments provide a mixed bag. On the one hand, they can be a trove of valuable data on security breaches, vulnerabilities, attack patterns, and general security insights. On the other, organizations don't have the rig...
VECTR - A Tool That Facilitates Tracking Of Your Red And Blue Team Testing Activities To Measure Detection And Prevention Capabilities Across Different Attack Scenarios
VECTR documentation can be found here: https://docs.vectr.io VECTR Community Discord Channel: https://discord.gg/2FRd8zf728 VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios...
Mandating a Zero-Trust Approach for Software Supply Chains
In the wake of the SolarWinds attack last year, President Biden issued an executive order in May advocating for mandatory software bills of materials, or SBOMs, to increase software transparency and counter supply-chain attacks. For reference, SBOMs are machine-readable documents that provide a...
Missing events/timelocks for owner/admin only functions that change critical parameters
Handle defsec Vulnerability details Impact Owner/admin only functions that change critical parameters should emit events and have timelocks. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them...
Fedora: Security Advisory for gifsicle (FEDORA-2021-b349650e52)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for gifsicle (FEDORA-2021-c351011066)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
trasparenza.comune.pinerolo.to.it Open Redirect vulnerability OBB-2146695
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Product portals open: we want your input
SonarSource was born from open source software and most of what we do remains FLOSS, so openness and transparency have always been fundamental principles. With a recent change in how we approach product management, we've gone even further. We've recently opened up product portals on Productboard...
ProtonMail Logs Activist's IP Address With Authorities After Swiss Court Order
End-to-end encrypted email service provider ProtonMail has drawn criticism after it ceded to a legal request and shared the IP address of anti-gentrification activists with law enforcement authorities, leading to their arrests in France. The Switzerland-based company said it received a "legally...
WhatsApp hit with €225 million fine for GDPR violations
WhatsApp was hit with a €225 million fine for violating the General Data Protection Regulation (GDPR), the European Union's sweeping data protection law that has been in effect for more than three years. The fine represents the highest ever penalty levied by the Irish Data Protection Commission,...
Missing events/timelocks for owner/admin only functions that change critical parameters
Handle 0xRajeev Vulnerability details Impact Owner/admin only functions that change critical parameters should emit events and have timelocks. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate the...
Security Bulletin: A vulnerability in IBM Spectrum Scale could allow an authenticated user to gain elevated privileges (CVE-2020-9492)
Summary A security vulnerability has been identified in all levels of IBM Spectrum Scale HDFS Transparency that could allow a remote authenticated user to gain elevated privileges. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-9492 DESCRIPTION: Apache Hadoop cou...
ARTIF - An Advanced Real Time Threat Intelligence Framework To Identify Threats And Malicious Web Traffic On The Basis Of IP Reputation And Historical Data.
ARTIF is a new advanced real time threat intelligence framework built that adds another abstraction layer on the top of MISP to identify threats and malicious web traffic on the basis of IP reputation and historical data. It also performs automatic enrichment and threat scoring by collecting,...