DSA-5090 firefox-esr – security update
Two security issues have been found in the Mozilla Firefox web browser, which result in the execution of arbitrary code. Read More
DSA-5091 containerd – security update
Felix Wilhelm discovered that the containerd container runtime was susceptible to information disclosure via malformed container images. Read More
Friday Squid Blogging: Far Side Cartoon
Squid, of course. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered....
Nvidia hackers release code-signing certificates that malware can abuse
The hacker group that recently broke into systems belonging to graphics chip maker Nvidia has released two of the company's old code-signing certificates. Researchers warn...
Conti Ransomware Group Diaries, Part III: Weaponry
Part I of this series examined newly-leaked internal chats from the Conti ransomware group, and how the crime gang dealt with its own internal breaches....
AST-2022-006: pjproject: unconstrained malformed multipart SIP message
Posted by Asterisk Security Team on Mar 04 Asterisk Project Security Advisory - AST-2022-006 Product Asterisk Summary pjproject: unconstrained malformed multipart SIP message Nature of...
AST-2022-005: pjproject: undefined behavior after freeing a dialog set
Posted by Asterisk Security Team on Mar 04 Asterisk Project Security Advisory - AST-2022-005 Product Asterisk Summary pjproject: undefined behavior after freeing a dialog set...
AST-2022-004: pjproject: integer underflow on STUN message
Posted by Asterisk Security Team on Mar 04 Asterisk Project Security Advisory - AST-2022-004 Product Asterisk Summary pjproject: possible integer underflow on STUN message Nature...
Facebook is vile, but banning it in Russia is wrong
Yes, having access to Facebook would leave ordinary Russians open to crazy QAnon theories, anti-vax propaganda, and a myriad of narrow echo chambers. But it...
CVE-2021-20319
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence...