Aggregator

A vulnerability has been found in gorilla schema up to 1.4.0 and classified as critical. Affected by this vulnerability is the function session_id. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2024-37298. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Python up to 3.8.17/3.9.17/3.10.12/3.11.4. This vulnerability affects unknown code of the component TLS Client Authentication Handler. The manipulation leads to improper initialization. This vulnerability was named CVE-2023-40217. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in CPython up to 3.8.18/3.9.18/3.10.13/3.11.8/3.12.2 on zipfile. This issue affects some unknown processing. The manipulation leads to asymmetric resource consumption. The identification of this vulnerability is CVE-2024-0450. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in OpenIDC mod_auth_openidc up to 2.4.15.1. It has been rated as problematic. Affected by this issue is the function mod_auth_openidc_session_chunks. The manipulation leads to resource consumption. This vulnerability is handled as CVE-2024-24814. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Python up to 3.10. Affected is an unknown function of the component urllib.parse. The manipulation leads to improper input validation. This vulnerability is traded as CVE-2023-24329. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in CPython up to 3.8.18/3.9.18/3.10.13/3.11.8/3.12.2. Affected by this issue is the function tempfile.TemporaryDirectory. The manipulation leads to symlink following. This vulnerability is handled as CVE-2023-6597. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

I had a tremendous time at the InCyber Montreal forum. The speakers, panels, fellow practitioners, and events were outstanding!

I bumped into Dan Lohrmann and Nancy Rainosek before their panel with Sue McCauley on CISO challenges. We had some very interesting discussions throughout the day. Always great to hang out with Dan and Nancy.

Then it was my turn on a panel, led by Nataliya Khylenko, discussing how to strike a balance when protecting data in the age of AI. Fellow panelists Sandra Estok, Tania Tanic, and Brandon Pugh were brilliant in providing diverse and relevant perspectives.

By the end of the day, I was able to spend some quality time with Diane M Janosek, Christophe Foulon, and Evgeniy Kharam.

One of my favorite talks was from the passionate Sumona Banerji, who discussed the evolving risks of child online grooming and victimization.

I also caught glimpses of Alexa Charles who leads the coordination of this massive event and keeps all us speakers happy! She is a true superstar!

The Gala Cocktail was spectacular. A local mariachi band, not what I expected in Montreal Canada, played lively tunes and the discussions were flowing among the cybersecurity professionals!

Last but not least Vincent Riou and Shigeru Kitamura, former National Security Advisor of Japan, announced an expansion of the InCyber events to include San Antonio and Japan for 2025!

I am looking forward to both next year!

The post Highlights from the InCyber Montreal Forum appeared first on Security Boulevard.

Close International Law Enforcement Collaboration Will Continue, Experts Forecast
One post-election question pertaining to Donald Trump's upcoming presidency is how his administration will choose to combat cybercrime, and to what extent the White House will continue to take a leadership role in combating ransomware and cybercrime - especially based in Russia.

Trapets CEO Gabriella Bussien on Why Banks Need to Fine-Tune, Automate KYC Processes
KYC protocols traditionally focus on account-level verification, but examining KYC at the product level can help banks assess risk more accurately. Asking targeted questions based on product risk enables institutions to detect potential financial crimes, said Gabriella Bussien, CEO of Trapets.

Also: LottieFiles Attack, Craig Wright's Contempt of Court
This week, Metawin hacks, LottieFiles attack, hackers used Ethereum smart contracts to target npm developers, Craig Wright faced contempt of court, Alameda sued KuCoin, Binance sought dismissal of a U.S. Securities and Exchange lawsuit, and Immutable received a Wells Notice.

Also: Ransomware Hackers Demand Baguettes
This week, Chinese spying, Italian hacking scandal, an FBI warning and Okta fixed a bug. Google mandated MFA, zero days in PTZOptics and a Mexican airport didn't pay ransom. Cybercriminals demanded baguettes, breach lettersin Ohio and Germany will shield white hats. The Italian DPA rebuked a bank.

Did Data Theft at Firm Also Affect Other Clients' Information?
A hacking incident at Thompson Coburn, a national law firm based in Missouri, has affected an unspecified number of patients of a healthcare sector client, Presbyterian Healthcare Services in New Mexico. But a big unanswered question is whether other clients were affected.

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Expedition, Android, CyberPanel and Nostromo nhttpd bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-43093 – this week, Google warned that the vulnerability CVE-2024-43093 in the Android OS is […]

A vulnerability was found in Intelliants Subrion CMS up to 3.3.2. It has been classified as critical. This affects an unknown part of the component Salt Cookie. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2015-4129. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Over the past few years, businesses have rapidly expanded their digital infrastructure to accommodate distributed workforces and implemented a slew of modernization initiatives to bring them into the digital era. This has fueled a shift from on-premises data storage to […]

The post From Data to Cloud: Bridging Security Gaps with DSPM and CSPM appeared first on TechSpective.

The post From Data to Cloud: Bridging Security Gaps with DSPM and CSPM appeared first on Security Boulevard.