| by Arround The Web

OpenSSF Warns of Open-Source Social Engineering Threats

Linux dodged a bullet. If the XZ exploit had gone undiscovered for only a few more weeks, millions of Linux systems would have been compromised with a backdoor. We were lucky. But can we stay lucky? The Open Source Security Foundation (OpenSSF) and the OpenJS Foundation revealed that a similar hacking attempt had targeted several […]

The post OpenSSF Warns of Open-Source Social Engineering Threats appeared first on Linux Today.

| by Arround The Web

Critical Squid Vulns Threaten Sensitive Data, System Availability

Several critical vulnerabilities were found in the popular Squid caching proxy, including request/response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846), denial of service in HTTP Digest Authentication (CVE-2023-46847), and denial of service in FTP (…

| by Arround The Web

Owncast, EaseProbe Security Vulnerabilities Revealed

Oxeye has uncovered two critical security vulnerabilities in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967). Learn more here.
The post Owncast, EaseProbe Security Vulnerabilities Revealed appeared first on Linux Today.

| by Arround The Web

OpenSSL Warns of Critical Security Vulnerability With Upcoming Patch

With the latest warning from OpenSSL, we can safely say that come Nov. 1, everyone — and I mean everyone — will need to patch OpenSSL 3.x. Learn more here.

| by Arround The Web

High Severity Vulnerabilities Found in Harbor Open-Source Artifact Registry

Oxeye security researchers have uncovered several new high-severity variants of the IDOR (Insecure Direct Object Reference) vulnerabilities in the CNCF-graduated project Harbor, the popular open-source artifact registry by VMware.

| by Arround The Web

New DNS Spoofing Threat Puts Millions of Devices at Risk

Security researchers have uncovered a critical vulnerability that could lead to DNS spoofing attacks in two popular C standard libraries that provide functions for common DNS operations.

| by Arround The Web

TLStorm 2.0: Critical Bugs in Widely-Used Aruba, Avaya Network Switches

Armis researchers have discovered five critical vulnerabilities in the implementation of TLS communications, collectively dubbed TLStorm 2.0. Learn more here.
