Friday Squid Blogging: Far Side Cartoon
Squid, of course. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered....
Nvidia hackers release code-signing certificates that malware can abuse
The hacker group that recently broke into systems belonging to graphics chip maker Nvidia has released two of the company's old code-signing certificates. Researchers warn...
Conti Ransomware Group Diaries, Part III: Weaponry
Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches....
AST-2022-006: pjproject: unconstrained malformed multipart SIP message
Posted by Asterisk Security Team on Mar 04 Asterisk Project Security Advisory - AST-2022-006 Product Asterisk Summary pjproject: unconstrained malformed multipart SIP message Nature of...
AST-2022-005: pjproject: undefined behavior after freeing a dialog set
Posted by Asterisk Security Team on Mar 04 Asterisk Project Security Advisory - AST-2022-005 Product Asterisk Summary pjproject: undefined behavior after freeing a dialog set...
AST-2022-004: pjproject: integer underflow on STUN message
Posted by Asterisk Security Team on Mar 04 Asterisk Project Security Advisory - AST-2022-004 Product Asterisk Summary pjproject: possible integer underflow on STUN message Nature...
Facebook is vile, but banning it in Russia is wrong
Yes, having access to Facebook would leave ordinary Russians open to crazy QAnon theories, anti-vax propaganda, and a myriad of narrow echo chambers. But it...
CVE-2021-20319
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence...
CVE-2021-20303
A flaw found in function dataWindowForTile() of IlmImf/ImfTiledMisc.cpp. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger...
CVE-2021-20302
A flaw was found in OpenEXR's TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR,...