Aggregator

原域名已变更且将在2024年彻底废弃，请访问 https://govuln.com/news/ 查看新的RSS订阅

Author/Presenter: Andrea M. Matwyshyn

Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the Tuscany Suites & Casino; and via the organizations YouTube channel.

Permalink

The post BSidesLV24 – IATC – Difficult Conversations appeared first on Security Boulevard.

Cloud-based streaming company StreamElements confirms it suffered a data breach at a third-party service provider after a threat actor leaked samples of stolen data on a hacking forum. [...]

A new cybercrime platform named 'Atlantis AIO' provides an automated credential stuffing service against 140 online platforms, including email services, e-commerce sites, banks, and VPNs. [...]

bincrypter – Pack/Encrypt/Obfuscate ELF + SHELL scripts A Linux Binary Runtime Crypter – in BASH! Features Obfuscates & encrypts any ELF binary or #!-script AV/EDR death: Morphing + different signature every time 100% in-memory. No temporary...

The post bincrypter: A Linux Binary Runtime Crypter appeared first on Penetration Testing Tools.

Currently trending CVE - Hype Score: 30 - Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

Currently trending CVE - Hype Score: 43 - Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Currently trending CVE - Hype Score: 43 - Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. An attacker could use a specially crafted file system image that, when mounted, could cause a denial of service (system crash) or possibly execute ...

Currently trending CVE - Hype Score: 34 - A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in ...

Currently trending CVE - Hype Score: 35 - A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx ...

Currently trending CVE - Hype Score: 48 - A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the ...

Currently trending CVE - Hype Score: 35 - A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of ...

Currently trending CVE - Hype Score: 35 - A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and ...

Currently trending CVE - Hype Score: 26 - Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Currently trending CVE - Hype Score: 37 - Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is ...

Defensie kan burger zorgreservisten oproepen bij crises. Het ministerie begint daarvoor een samenwerking met de Nationale Zorgreserve (NZR). Bij dit netwerk zijn civiele (oud) zorgprofessionals aangesloten. Zij kunnen ingezet worden voor crises in Nederland, maar nu dus ook bij inzet van Defensie. Deze mensen wordt dan gevraagd of ze achtervang willen zijn in het geval medisch defensiepersoneel naar het buitenland moet. 

Track, measure, and prove your AppSec impact with the Mend.io Value Dashboard.

The post Introducing the Mend.io Value Dashboard: Measure and Showcase Your Security Impact appeared first on Security Boulevard.