Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled
URI components containing the hash character (#). A remote attacker could
possibly use this issue to obtain sensitive information, or to bypass
certain path_end rules.
Monthly Archives: July 2024
USN-6911-1: Nova vulnerability
Arnaud Morin discovered that Nova incorrectly handled certain raw format
images. An authenticated user could use this issue to access arbitrary
files on the server, possibly exposing sensitive information.
USN-6907-1: Squid vulnerability
Joshua Rogers discovered that Squid did not properly handle multi-byte
characters during Edge Side Includes (ESI) processing. A remote attacker
could possibly use this issue to cause a memory corruption error, leading
to a denial of service.
Chinese Espionage Group Upgrades Malware Arsenal to Target All Major OS
Symantec said Chinese espionage group Daggerfly has updated its malware toolkit as it looks to target Windows, Linux, macOS and Android operating systems.
British teen arrested in connection with MGM Resorts ransomware attack
British police have arrested a 17-year-old boy believed to be linked to a cybercriminal gang that launched devastating ransomware attacks last year on MGM Resorts and other companies.
Read more in my article on the Hot for Security blog.
DDoS-for-hire site DigitalStress taken down by police, suspected owner arrested
It has been revealed that earlier this month a website which offered a DDoS-for-hire service was taken offline by law enforcement, but only after they collected data about its criminal customers.
Read more in my article on the Hot for Security blog.
USN-6909-1: Bind vulnerabilities
It was discovered that Bind incorrectly handled a flood of DNS messages
over TCP. A remote attacker could possibly use this issue to cause Bind to
become unstable, resulting in a denial of service. (CVE-2024-0760)
Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very
large number of RRs existing at the same time. A remote attacker could
possibly use this issue to cause Bind to consume resources, leading to a
denial of service. (CVE-2024-1737)
It was discovered that Bind incorrectly handled a large number of SIG(0)
signed requests. A remote attacker could possibly use this issue to cause
Bind to consume resources, leading to a denial of service. (CVE-2024-1975)
Daniel Stränger discovered that Bind incorrectly handled serving both
stable cache data and authoritative zone content. A remote attacker could
possibly use this issue to cause Bind to crash, resulting in a denial of
service. (CVE-2024-4076)
On Ubuntu 20.04 LTS, Bind has been updated from 9.16 to 9.18. In addition
to security fixes, the updated packages contain bug fixes, new features,
and possibly incompatible changes.
Please see the following for more information:
https://kb.isc.org/docs/changes-to-be-aware-of-when-moving-from-bind-916-to-918
USN-6908-1: Tomcat vulnerabilities
It was discovered that the Tomcat SSI printenv command echoed user
provided data without escaping it. An attacker could possibly use this
issue to perform an XSS attack. (CVE-2019-0221)
It was discovered that Tomcat incorrectly handled certain uncommon
PersistenceManager with FileStore configurations. A remote attacker could
possibly use this issue to execute arbitrary code.
(CVE-2020-9484, CVE-2021-25329)
The AI Fix #8: Emergence, a rancid donkey, and the world’s funniest joke
In episode eight of “The AI Fix”, our hosts tackle the latest news from the world of AI and learn about two important medical breakthroughs, Mark coughs, Graham ruins “Killing me softly”, and neither shows their junk to an AI. Graham explains humour to Mark and shares a donkey story he learned from a Bulgarian, …
Russia Shifts Cyber Focus to Battlefield Intelligence in Ukraine
A new report published by RUSI highlighted how Russia’s intelligence services have adapted their cybersecurity strategy to the demands of a long war in Ukraine.