
Items tagged with: vulnerability


 

Adblock Plus filter lists may execute arbitrary code in web pages

Another reason for uBlock Origin users to feel smug 😀

and another reason not to use Google


https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Users may also switch to uBlock Origin. It does not support the $rewrite filter option and it is not vulnerable to the described attack.

A new version of Adblock Plus was released on July 17, 2018. Version 3.2 introduced a new filter option for rewriting requests. A day later AdBlock followed suit and released support for the new filter option. uBlock, being owned by AdBlock, also implemented the feature.

Under certain conditions the $rewrite filter option enables filter list maintainers to inject arbitrary code in web pages.

The affected extensions have more than 100 million active users, and the feature is trivial to exploit in order to attack any sufficiently complex web serv…


 

CVE-2019-9193: Not a Security Vulnerability


Posted on 2019-04-04 by PostgreSQL Global Development Group. There is widespread mention in the media of a security vulnerability in PostgreSQL, registered as CVE-2019-9193. The PostgreSQL Security…
Article word count: 278

HN Discussion: https://news.ycombinator.com/item?id=19659684
Posted by proboscis (karma: 79)
Post stats: Points: 129 - Comments: 57 - 2019-04-14T14:46:23Z

#HackerNews #cve-2019-9193 #not #security


 

Microsoft finds privilege escalation vulnerability in Huawei driver


Our discovery of two privilege escalation vulnerabilities in a driver highlights the strength of Microsoft Defender ATP’s sensors. These sensors expose anomalous behavior and give SecOps personnel the…
Article word count: 2094

HN Discussion: https://news.ycombinator.com/item?id=19567399
Posted by trtobe (karma: 165)
Post stats: Points: 158 - Comments: 56 - 2019-04-03T21:27:57Z

#HackerNews #driver


 

Cisco Fixes RV320/RV325 Vulnerability by Banning “curl” in User-Agent


HN Discussion: https://news.ycombinator.com/item?id=19507225
Posted by pjf (karma: 1767)
Post stats: Points: 206 - Comments: 89 - 2019-03-27T23:14:35Z

#HackerNews #banning #cisco #curl #fixes #rv320 #rv325 #user-agent #vulnerability


 
#security #encryption #chacha20 #poly1305 #openssl #SSL #vulnerability #cipher #cryptography
ChaCha20-Poly1305 vulnerability issue affects OpenSSL 1.1.1 and 1.1.0


 

Intel CPUs afflicted with simple data-spewing spec-exec vulnerability


'Leakage ... is visible in all Intel generations starting from first-gen Core CPUs'
Article word count: 920

HN Discussion: https://news.ycombinator.com/item?id=19309701
Posted by Nux (karma: 2256)
Post stats: Points: 105 - Comments: 38 - 2019-03-05T10:55:24Z

#HackerNews #afflicted #cpus #data-spewing #intel


 
Zip Slip is a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. It was discovered and responsibly disclosed by the Snyk Security team ahead of a public disclosure on 5th June 2018, and affects thousands of projects, including ones from HP, Amazon, Apache, Pivotal and many more (CVEs and full list here). Of course, this type of vulnerability has existed before, but recently it has manifested itself in a much larger number of projects and libraries.
The vulnerability has been found in multiple ecosystems, including JavaScript, Ruby, .NET and Go, but is especially prevalent in Java, where there is no central library offering high level processing of archive (e.g. zip) files. The lack of such a library led to vulnerable code snippets being hand crafted and shared among developer communities such as StackOverflow.

The vulnerability is exploited using a specially cra…


 

Password Managers: Under the Hood of Secrets Management

Abstract:


Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose security guarantees password managers should offer and examine the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7, 1Password 4, Dashlane, KeePass, and LastPass. We anticipated that password managers would employ basic security best practices, such as scrubbing secrets from memory when they are not in use and sanitization of memory once a password manager was logged out and placed into a locked state. However, we found that in all password managers we examined, trivial secrets extraction was po…


 
Linux Kernel Flaw, Ubuntu Rumor Debunked, Kali, Geary, digiKam, Riot/Matrix | This Week in Linux 56 - https://tuxdigital.com/twinl56

On this episode of This Week in #Linux, an Arbitrary Code Execution #vulnerability was found in the Linux #Kernel but it is not quite what some sources are making it out to be. Rumors are going around for #Ubuntu and #Snaps but again it's not what people are making it out to be. Then we'll get into some actual #news with some changes to #Flathub, new releases for #Geary, #Digikam, #RiotIM, #KaliLinux, BackBox, and much more. We'll also check out some interesting views about #ARM shared by #LinusTorvalds. All that and much more!

https://tuxdigital.com/twinl56
TuxDigital: Episode 56 | This Week in Linux (Michael Tunnell)


 
- #ThisWeekInLinux - #WINE 4.0, #LXQt 0.14, #Parrot #OS, #Mastodon, #MythTV, #Gitea, #APT #Vulnerability | This #Week in #Linux 52



On this episode of This Week in Linux, we got some big new releases from the WINE project, LXQt, Parrot OS, Mastodon, MythTV, Gitea, and many more! We’ll also check out a security issue regarding the APT package manager and a potential blunder coming to Chromium based browsers. Then we’ll cover a new really cool utility to control GPU Overclocking on Linux. Later in the show, we’ll check out some new Linux Hardware and some Linux Gaming news. All that and much more!
https://www.invidio.us/watch?v=YC_h69lO_Ao


 
All Secure Copy Protocol (SCP) implementations contain 4 security vulnerabilities that allow malicious SCP servers to make changes on the client's side:

https://www.zdnet.com/article/scp-implementations-impacted-by-36-years-old-security-flaws/

– all SCP implementations (OpenSSH, PuTTY, WinSCP etc.) are affected
– the vulnerabilities have been there since 1983
– CVE-2018-20685, CVE-2019-6111, CVE-2019-6109, CVE-2019-6110
– at the moment, only WinSCP provides a patch (WinSCP 5.14)

#scp #ssh #openssh #winscp #putty #vulnerability #infosec #cybersecurity #security


 
#Windows 10 #vulnerability #exploits in 3-2-1.


 
Christmas holidays—more exposed IP cameras will go online within the next few days:

https://infosec-handbook.eu/blog/exposed-cameras/

– two examples of how attackers easily pinpoint cameras
– risks of exposed IP cameras
– tips for operating cameras more securely

Secure your IP camera(s) and help other non-technical people!

Thank you and Merry Christmas 2018. ☃️

#camera #ipcam #webcam #infosec #security #cybersecurity #privacy #risks #vulnerability #control


 
Mastodon security:

In August, Mastodon 2.4.4 was released which contains two fixes for security vulnerabilities.

Today, 39.5% of all Mastodon instances which show their version number are still running vulnerable Mastodon < 2.4.4.

We already checked this twice:

– 10/1/18: 42% vulnerable
– 8/23/18: 38.6% vulnerable

Either the remaining instances are all unmaintained or admins refuse to update.

#mastodon #security #vulnerability #infosec #security #cybersecurity