Lucene search
1738 matches found

The Hacker News
added 2023/10/24 8:37 a.m. · 95 views

iOS Zero-Day Attacks: Experts Uncover Deeper Insights into Operation Triangulation

The TriangleDB implant used to target Apple iOS devices packs in at least four different modules to record microphone, extract iCloud Keychain, steal data from SQLite databases used by various apps, and estimate the victim's location. The new findings come from Kaspersky, which detailed the great...

CVSS 8.8 · AI score 8.5 · EPSS 0.19217
Exploits: 3
Securelist
added 2023/10/23 11:00 a.m. · 37 views

The outstanding stealth of Operation Triangulation

Introduction In our previous blogpost on Triangulation, we discussed the details of TriangleDB, the main implant used in this campaign, its C2 protocol and the commands it can receive. We mentioned, among other things, that it is able to execute additional modules. We also mentioned that this...

AI score 7.4
Exploits: 0
Code423n4
added 2023/10/20 12:00 a.m. · 13 views

A malicious actor can block-stuff the chain until the validator signature expires.

Lines of code. Vulnerability details. Impact: A validator's signature is time-bound; after the expiration period the transaction becomes invalid. A malicious user might notice a time-bound transaction made by the sub-account and decide to block-stuff the network until the validator...

AI score 6.9
Exploits: 0
Code423n4
added 2023/10/20 12:00 a.m. · 9 views

Malicious sub-account operators can perform cross-chain signature replay attack

Lines of code. Vulnerability details. Impact: Malicious sub-account operators can perform policies or transactions that are not allowed on the specific chain but are allowed on another chain. This is possible through a cross-chain signature replay attack. Proof of Concept: To describe the attack, for example, let us hav...

AI score 7.1
Exploits: 0
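The replay described in this finding, as an added example that is not code from the audited project: an off-chain validator signs an approval for an action that complies with the policy of chain 1, and a sub-account operator presents that same approval to the identically-addressed sub-account contract on chain 137, where the policy would never have allowed it. HMAC-SHA256 under a validator-only key stands in for the validator's signing key so the example runs offline; the chain ids, contract address, policy names and action are constructed. The fix shown is domain separation: hash the chain id and verifying contract into the signed digest (the EIP-712 domain idea), so an approval minted for one chain does not verify on another.

```python
import hashlib
import hmac
import json

# Added example, not code from the audited project. HMAC-SHA256 under a key
# held only by the validator stands in for its ECDSA key so the example runs
# offline; the primitive is irrelevant to the replay, what is signed matters.
VALIDATOR_KEY = b"constructed-validator-key"


def sign(digest: bytes) -> bytes:
    return hmac.new(VALIDATOR_KEY, digest, hashlib.sha256).digest()


def verify(digest: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(digest), sig)


def digest_unbound(action: dict) -> bytes:
    # Vulnerable pattern: only the action is hashed, so the approval is valid
    # on every chain where a sub-account contract accepts this validator.
    return hashlib.sha256(json.dumps(action, sort_keys=True).encode()).digest()


def digest_bound(chain_id: int, verifying_contract: str, action: dict) -> bytes:
    # Hardened pattern: domain-separate by chain id and verifying contract,
    # so an approval minted for chain 1 cannot be presented on chain 137 even
    # when the contract lives at the same address there (CREATE2 deploys).
    payload = {"domain": {"chainId": chain_id, "verifyingContract": verifying_contract},
               "message": action}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).digest()


class OffchainValidator:
    """Per-chain policy engine that signs an approval only for compliant actions."""

    def __init__(self, policies: dict):
        self.policies = policies  # chain_id -> set of allowed policy names (constructed)

    def approve(self, chain_id: int, contract: str, action: dict, bound: bool):
        if action["policy"] not in self.policies.get(chain_id, set()):
            return None  # policy engine refuses; no signature is produced
        digest = digest_bound(chain_id, contract, action) if bound else digest_unbound(action)
        return sign(digest)


class SubAccount:
    """On-chain sub-account: executes an action iff the validator's approval verifies."""

    def __init__(self, chain_id: int, contract: str, bound: bool):
        self.chain_id, self.contract, self.bound = chain_id, contract, bound

    def execute(self, action: dict, approval: bytes) -> bool:
        digest = (digest_bound(self.chain_id, self.contract, action)
                  if self.bound else digest_unbound(action))
        return verify(digest, approval)


def replay_succeeds(bound: bool) -> bool:
    """Operator obtains an approval on chain 1 and replays it on chain 137."""
    validator = OffchainValidator({1: {"swap", "transfer"}, 137: {"swap"}})
    action = {"policy": "transfer", "to": "0xabc", "amount": 100}  # constructed
    approval = validator.approve(1, "0xSUB", action, bound)        # legitimate on chain 1
    assert validator.approve(137, "0xSUB", action, bound) is None  # never allowed on 137
    return SubAccount(137, "0xSUB", bound).execute(action, approval)


if __name__ == "__main__":
    print("unbound digest, replay executes:", replay_succeeds(bound=False))   # True
    print("chain-bound digest, replay executes:", replay_succeeds(bound=True))  # False
```

The on-chain side must recompute the digest from its own chain id (EVM: `block.chainid`) and its own address rather than trusting values carried in the message; otherwise the operator simply supplies the other chain's id along with the replayed signature.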
RedHat Linux
added 2023/10/19 1:15 p.m. · 7 views

python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator

A regular expression denial of service vulnerability has been found in Django. Email and URL validators are vulnerable to this flaw when processing a very large number of domain name labels of emails and URLs...

CVSS 7.5 · AI score 7 · EPSS 0.02669
Exploits: 0 · References: 5
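The structural mitigation for this class of flaw, as an added example that is not Django's EmailValidator: bound the input before any regular expression sees it, and match the domain label by label after splitting on dots, so no single regex is ever run over an unbounded list of labels. The length limits are the usual RFC 5321 values used as guards; the character classes and the `validate_email` name are this example's own.

```python
import re

# Added example; not Django's EmailValidator. Length guards run first, and the
# domain is matched one label at a time, so hostile input is rejected in O(n)
# before any regex can backtrack over a long run of labels.
MAX_EMAIL_LEN = 320   # guard values: RFC 5321 local-part 64 + '@' + domain 255
MAX_LOCAL_LEN = 64
MAX_DOMAIN_LEN = 253
MAX_LABEL_LEN = 63

# Single character classes, no nested quantifiers: both run in linear time.
LOCAL_CHARS_RE = re.compile(r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+")
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def validate_email(addr: str):
    """Return (ok, reason). Every unbounded dimension is capped before matching."""
    if len(addr) > MAX_EMAIL_LEN:
        return False, "too long"
    if addr.count("@") != 1:
        return False, "expected exactly one @"
    local, domain = addr.split("@")
    if not 0 < len(local) <= MAX_LOCAL_LEN:
        return False, "local part length"
    if not 0 < len(domain) <= MAX_DOMAIN_LEN:
        return False, "domain length"
    if local.startswith(".") or local.endswith(".") or ".." in local:
        return False, "bad dot placement in local part"
    if not LOCAL_CHARS_RE.fullmatch(local):
        return False, "bad character in local part"
    # Per-label matching: a "very large number of domain name labels" is now
    # just a loop over short strings, each bounded to MAX_LABEL_LEN.
    for label in domain.split("."):
        if len(label) > MAX_LABEL_LEN:
            return False, "label too long"
        if not LABEL_RE.fullmatch(label):
            return False, f"bad label {label!r}"
    return True, "ok"


if __name__ == "__main__":
    for sample in ("user.name@example.com", "a@" + "x." * 200_000 + "com",
                   "a@" + "x" * 64 + ".com", "a@-bad.com"):   # constructed inputs
        print(sample[:40], validate_email(sample))
```

The same shape applies to URL validators: cap total length, split host from path, and match the host label by label rather than with one `(?:label\.)+` expression over the whole string.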
Snyk
added 2023/10/09 11:46 p.m. · 3 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:jquery-validation is a client-side form validation library ("Client-side form validation made easy"). Affected versions of this package are vulnerable to cross-site scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via...

CVSS 6.1 · AI score 5.3 · EPSS 0.00292
Exploits: 0 · References: 2
Snyk
added 2023/10/09 11:46 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: org.webjars.bowergithub.jquery-validation:jquery-validation is a client-side form validation library ("Client-side form validation made easy"). Affected versions of this package are vulnerable to cross-site scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will...

CVSS 6.1 · AI score 5.3 · EPSS 0.00292
Exploits: 0 · References: 2
Snyk
added 2023/10/09 11:46 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: org.webjars:jquery-validation is a client-side form validation library ("Client-side form validation made easy"). Affected versions of this package are vulnerable to cross-site scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via...

CVSS 6.1 · AI score 5.3 · EPSS 0.00292
Exploits: 0 · References: 2
Snyk
added 2023/10/09 11:46 p.m. · 1 views

Cross-site Scripting (XSS)

Overview: jquery-validation is a client-side form validation library ("Client-side form validation made easy"). Affected versions of this package are vulnerable to cross-site scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages ...

CVSS 6.1 · AI score 5.3 · EPSS 0.00292
Exploits: 0 · References: 2
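The flaw class shared by the four jquery-validation entries above, as an added example that is not the library's code: a validator builds an error label from a message template and a value taken from the field's placeholder attribute, and inserts the result as markup. If the placeholder can be influenced by an attacker (stored markup, a reflected attribute), its content renders as HTML. The template, the rendering functions and the payload below are constructed; the fix shown is the general one, escape the untrusted value before it enters markup.

```python
import html

# Added example; not jquery-validation code. Models an error label built from a
# message template and a field's placeholder attribute, then rendered as HTML.
TEMPLATE = "Please provide a valid {0}"   # constructed message template
PAYLOAD = '<img src=x onerror="alert(1)">'  # constructed attacker-controlled placeholder


def render_unsafe(template: str, placeholder: str) -> str:
    # Flaw class: the attribute value is interpolated into markup as-is and the
    # result is assigned innerHTML-style, so any tags in it become live DOM.
    return '<label class="error">' + template.replace("{0}", placeholder) + "</label>"


def render_safe(template: str, placeholder: str) -> str:
    # Fix: escape the untrusted value (not the template) before substitution.
    # replace() rather than str.format keeps braces in the value inert too.
    escaped = html.escape(placeholder, quote=True)
    return '<label class="error">' + template.replace("{0}", escaped) + "</label>"


def contains_tag(markup: str, tag: str) -> bool:
    """True if an unescaped <tag ...> survives inside the rendered label text."""
    body = markup[len('<label class="error">'):-len("</label>")]
    return f"<{tag}" in body


if __name__ == "__main__":
    print(render_unsafe(TEMPLATE, PAYLOAD))  # payload rendered as markup
    print(render_safe(TEMPLATE, PAYLOAD))    # payload rendered as text
```

In the browser the equivalent of `render_safe` is writing the message with `textContent` (or jQuery's `.text()`) instead of `.html()`; escaping is only needed when the message must be inserted as markup.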
OSV
added 2023/10/05 8:55 p.m. · 2 views

GHSA-QW22-8W9R-864H io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud

Summary: IdTokenClaimsValidator skips aud claim validation if the token is issued by the same identity issuer/provider. Details: See https://github.com/micronaut-projects/micronaut-security/blob/master/security-oauth2/src/main/java/io/micronaut/security/oauth2/client/IdTokenClaimsValidator.java#L202 This...

CVSS 6.5 · AI score 5.8 · EPSS 0.0045
Exploits: 1 · References: 5
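What a correct aud check looks like and what skipping it costs, as an added example that is not Micronaut code: the aud and azp rules of OpenID Connect Core 3.1.3.7 applied to every ID token, next to a validator that trusts any token from the configured issuer without looking at aud. With the flawed version, an ID token the same identity provider issued to a different client (a partner application, say) logs the bearer into this application. Client id, issuer and claim sets are constructed; signature and expiry checks are assumed to happen elsewhere.

```python
# Added example; not Micronaut code. Models the claims-validation step of an OIDC
# relying party so the audience rule can be exercised in isolation.
CLIENT_ID = "my-app"             # constructed relying-party client id
ISSUER = "https://idp.example"   # constructed configured issuer

# Constructed claim sets; signature and exp validation assumed done elsewhere.
OWN_TOKEN = {"iss": ISSUER, "sub": "alice", "aud": "my-app"}
OTHER_CLIENT_TOKEN = {"iss": ISSUER, "sub": "alice", "aud": "partner-app"}
MULTI_AUD_OK = {"iss": ISSUER, "sub": "alice", "aud": ["my-app", "partner-app"], "azp": "my-app"}
MULTI_AUD_NO_AZP = {"iss": ISSUER, "sub": "alice", "aud": ["my-app", "partner-app"]}
MULTI_AUD_WRONG_AZP = {"iss": ISSUER, "sub": "alice", "aud": ["my-app", "partner-app"], "azp": "partner-app"}


def _audiences(claims: dict):
    aud = claims.get("aud")
    if isinstance(aud, str):
        return [aud]
    if isinstance(aud, list) and aud and all(isinstance(a, str) for a in aud):
        return aud
    return None


def aud_valid(claims: dict, client_id: str = CLIENT_ID) -> bool:
    """OIDC Core 3.1.3.7: aud must contain our client id; with several audiences
    azp must be present; if azp is present it must equal our client id."""
    audiences = _audiences(claims)
    if audiences is None or client_id not in audiences:
        return False
    azp = claims.get("azp")
    if len(audiences) > 1 and azp is None:
        return False
    if azp is not None and azp != client_id:
        return False
    return True


def id_token_valid_flawed(claims: dict, issuer: str = ISSUER) -> bool:
    # Flaw class in the advisory: once the issuer matches, aud is never checked,
    # so any client's token from this identity provider is accepted as ours.
    return claims.get("iss") == issuer


def id_token_valid(claims: dict, issuer: str = ISSUER, client_id: str = CLIENT_ID) -> bool:
    # Issuer equality and audience are independent requirements; both must hold.
    return claims.get("iss") == issuer and aud_valid(claims, client_id)


if __name__ == "__main__":
    print("flawed accepts other client's token:", id_token_valid_flawed(OTHER_CLIENT_TOKEN))  # True
    print("fixed accepts other client's token:", id_token_valid(OTHER_CLIENT_TOKEN))          # False
```

The aud check is what binds a token to this relying party; issuer trust says only who minted it. Any IdP that serves more than one client can produce tokens that pass an issuer-only check.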
OSSF Malicious Packages
added 2023/10/05 4:05 p.m. · 3 views

Malicious code in f0-validator (npm)

Source: ghsa-malware (88d158c8b80ebe1a6b91c3a98408f43ffb8cac42f972277e81034cec453be0ee). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.8
Exploits: 0 · References: 1
OSV
added 2023/10/05 4:05 p.m. · 15 views

MAL-2023-8295 Malicious code in f0-validator (npm)

Source: ghsa-malware (88d158c8b80ebe1a6b91c3a98408f43ffb8cac42f972277e81034cec453be0ee). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
NVD
added 2023/10/04 7:15 p.m. · 31 views

CVE-2023-38701

Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...

CVSS 9.1 · AI score 9.3 · EPSS 0.00915
Exploits: 1 · References: 4
Prion
added 2023/10/04 7:15 p.m. · 23 views

Design/Logic Flaw

Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...

CVSS 6.4 · AI score 9.1 · EPSS 0.00915
Exploits: 1 · References: 4 · Affected software: 1
Vulnrichment
added 2023/10/04 6:48 p.m. · 15 views

CVE-2023-38701 Hydra's committed UTxOs at Commit validator and UTxOs at Initial validator can be spent arbitrarily by anyone

Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...

CVSS 9.1 · AI score 7.1 · EPSS 0.00915
Exploits: 1 · References: 4
Cvelist
added 2023/10/04 6:48 p.m. · 38 views

CVE-2023-38701 Hydra's committed UTxOs at Commit validator and UTxOs at Initial validator can be spent arbitrarily by anyone

Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the commit validator, where they remain until they are either collected into the head validator or the protocol initialisation is aborted and t...

CVSS 9.1 · AI score 9.4 · EPSS 0.00915
Exploits: 1 · References: 4
CVE
added 2023/10/04 6:48 p.m. · 50 views

CVE-2023-38701

CVE-2023-38701 (Hydra) affects Hydra’s head protocol on Cardano. Before v0.12.0, the commit validator and the initial validator contain a flawed check when the ViaAbort redeemer is used, allowing any user to arbitrarily spend UTxOs at the validator. This enables an attacker to steal funds users c...

CVSS 9.1 · AI score 9.3 · EPSS 0.00915
Exploits: 1 · References: 4 · Affected software: 1
Positive Technologies
added 2023/10/04 12:00 a.m. · 2 views

PT-2023-28348 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to 0.13.0 Description: Hydra is the layer-two scalability solution for Cardano. The issue arises because the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses...

CVSS 8.1 · AI score 7.9 · EPSS 0.00785
Exploits: 0 · References: 9
CNNVD
added 2023/10/04 12:00 a.m. · 5 views

Hydra Input Validation Error Vulnerability

Hydra is the layer-two scalability solution for Cardano. An input validation error vulnerability exists in versions of Hydra prior to 0.12.0: the commit validator contains a flawed check when the ViaAbort redeemer is used, which allows any user to arbitrarily spend any UTxO at the validator, meanin...

CVSS 9.1 · AI score 6.7 · EPSS 0.00915
Exploits: 1 · References: 5
Positive Technologies
added 2023/10/04 12:00 a.m. · 4 views

PT-2023-26566 · Hydra · Hydra

Name of the Vulnerable Software and Affected Versions: Hydra versions prior to 0.12.0 Description: Hydra is a layer-two scalability solution for Cardano. The issue arises when the ViaAbort redeemer is used in the commit validator, allowing any user to spend any UTxO arbitrarily, which means an...

CVSS 9.1 · AI score 9 · EPSS 0.00915
Exploits: 1 · References: 8