The first live video of the Promachoteuthis squid, filmed at a newly discovered seamount off the coast of Chile.
Daily Archives: September 6, 2024
YubiKey Side-Channel Attack
There is a side-channel attack against YubiKey access tokens that allows someone to clone a device. It’s a complicated attack, requiring the victim’s username and password, and physical access to their YubiKey—as well as some technical expertise and equipment.
Still, nice piece of security analysis.
ruby-3.3.5-14.fc41
FEDORA-2024-cfcd6258fa
Packages in this update:
ruby-3.3.5-14.fc41
Update description:
Upgrade to Ruby 3.3.5.
Spyware Vendors’ Nebulous Ecosystem Helps Them Evade Sanctions
The secret web of at least 435 entities across 42 countries making up the spyware landscape facilitates unpunished security and human rights violations, the Atlantic Council found
openjpeg-2.5.2-4.fc41
FEDORA-2024-3ecdf562bf
Packages in this update:
openjpeg-2.5.2-4.fc41
Update description:
Backport fix for CVE-2023-39327.
US and Allies Accuse Russian Military of Destructive Cyber-Attacks
The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally
clamav-1.0.7-1.el8
FEDORA-EPEL-2024-cef1a533b1
Packages in this update:
clamav-1.0.7-1.el8
Update description:
Update to 1.0.7
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the ‘clamd’ or ‘freshclam’ services from using a symlink to corrupt system files.
CVE-2024-20505: Fixed a possible out-of-bounds read bug in the PDF file parser that could cause a denial-of-service (DoS) condition.
[SYSS-2024-030]: C-MOR Video Surveillance – OS Command Injection (CWE-78)
Posted by Matthias Deeg via Fulldisclosure on Sep 05
Advisory ID: SYSS-2024-030
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: OS Command Injection (CWE-78)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public Disclosure: 2024-09-04…
[SYSS-2024-029]: C-MOR Video Surveillance – Dependency on Vulnerable Third-Party Component (CWE-1395)
Posted by Matthias Deeg via Fulldisclosure on Sep 05
Advisory ID: SYSS-2024-029
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401
Tested Version(s): 5.2401
Vulnerability Type: Dependency on Vulnerable Third-Party Component (CWE-1395)
Use of Unmaintained Third Party Components (CWE-1104)
Risk Level: High
Solution Status: Fixed…
[SYSS-2024-028]: C-MOR Video Surveillance – Cleartext Storage of Sensitive Information (CWE-312)
Posted by Matthias Deeg via Fulldisclosure on Sep 05
Advisory ID: SYSS-2024-028
Product: C-MOR Video Surveillance
Manufacturer: za-internet GmbH
Affected Version(s): 5.2401, 6.00PL01
Tested Version(s): 5.2401, 6.00PL01
Vulnerability Type: Cleartext Storage of Sensitive Information (CWE-312)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2024-04-05
Solution Date: –
Public…