The infostealer Vidar has returned to the top 10 after an increase in ‘brandjacking’ attacks
Yearly Archives: 2023
USN-5869-1: HAProxy vulnerability
Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg,
and Harvey Tuch discovered that HAProxy incorrectly handled empty header
names. A remote attacker could possibly use this issue to manipulate
headers and bypass certain authentication checks and restrictions.
Chinese Hackers Infiltrate South American Diplomatic Networks
The group previously targeted government agencies and think tanks in Asia and Europe
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak:
I’m speaking at Mobile World Congress 2023 in Barcelona, Spain, on March 1, 2023 at 1:00 PM CET.
I’m speaking on “How to Reclaim Power in the Digital World” at EPFL in Lausanne, Switzerland, on Thursday, March 16, 2023, at 5:30 PM.
I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 1-2, 2023.
The list is maintained on this page.
CVE-2022-22564
Dell EMC Unity versions before 5.2.0.0.5.173 use a broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks to obtain sensitive information.
CVE-2021-46023
An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.
Hackers Breach Pepsi Bottling Ventures’ Network
Experts say the delay in notifying customers left data potentially open to compromise
vim-9.0.1307-1.fc36
FEDORA-2023-93fb5b08eb
Packages in this update:
vim-9.0.1307-1.fc36
Update description:
2169641 – Syntax highlight for sh files broken
The newest upstream commit
Security fixes for CVE-2022-47024, CVE-2023-0433
EnterpriseDB adds Transparent Data Encryption to PostgreSQL
The new Transparent Data Encryption (TDE) feature will be shipped along with the company’s enterprise version of its database.
USN-5868-1: Django vulnerability
Jakob Ackermann discovered that Django incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause Django to
consume resources, leading to a denial of service.