A week in security (March 4 – March 10)
A list of topics we covered in the week of March 4 to March 10 of 2024
I have been struggling a lot with decoding the following message: ">1W)E870@=&AE(‘!A<W-W;W)D(&ES(&-A=&-H+6UE ".
I do not know how to convert the message above into a readable one. I tried using base64 data f…
A vulnerability was found in AWS aws-js-s3-explorer 1.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.html of the component S3 Bucket Name Handler. The manipulation leads to cross site scrip…
A vulnerability was found in Canon Color imageCLASS MF740C, Color imageCLASS MF640C, i-SENSYS MF740C, i-SENSYS MF640C, Satera MF740C, Satera MF640C, Color imageCLASS X MF1127C, C1127i, Color imageCLASS LBP664Cdw, Color imageCLASS LBP622Cdw, i-SENSYS LB…
A vulnerability was found in Student Information Chatbot 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username/password leads to SQL injection.
…
A vulnerability was found in bpftrace up to 0.20.1 on Linux and classified as problematic. This issue affects the function unpack_kheaders_tar_xz of the file src/utils.cpp. The manipulation leads to insecure temporary file.
The identification of this …
A vulnerability has been found in IOVisor BPF Compiler Collection on Linux and classified as problematic. This vulnerability affects the function KBuildHelper::get_flags of the file src/cc/frontends/clang/kbuild_helper.cc of the component Kernel Header…
Technical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authe…
A financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hos…
I know this might sound counter-intuitive, but is it possible to configure gpg to store public keys in an encrypted state on disks? Such that, when encrypting a message to someone, the user would be asked to first enter a passphrase to decrypt rec…