CWE-408 – Incorrect Behavior Order: Early Amplification
Description: The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place. Modes of Introduction: - Architecture...
CWE-409 – Improper Handling of Highly Compressed Data (Data Amplification)
Description: The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. An example...
CWE-41 – Improper Resolution of Path Equivalence
Description: The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file...
CWE-410 – Insufficient Resource Pool
Description: The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by...
CWE-412 – Unrestricted Externally Accessible Lock
Description: The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is...
CWE-413 – Improper Resource Locking
Description: The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource. When a...
CWE-414 – Missing Lock Check
Description: A product does not check to see if a lock is present before performing sensitive operations on a resource. Modes of Introduction: - Architecture...
CWE-415 – Double Free
Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. When a program calls free() twice...
CWE-416 – Use After Free
Description: Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. Modes of Introduction: - Architecture...
CWE-419 – Unprotected Primary Channel
Description: The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel. Modes of Introduction: - Architecture...