Last Years Open Source – Tomorrow’s Vulnerabilities

Last Years Open Source – Tomorrow’s Vulnerabilities

,

Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: « given enough eyeballs, all bugs are shallow. » This phrase puts the finger on the very principle of open source: the more, the merrier – if the code is easily available for anyone and everyone to fix bugs, it’s pretty safe. But is it? Or is the saying « all bugs are shallow » only true for

,

Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: « given enough eyeballs, all bugs are shallow. » This phrase puts the finger on the very principle of open source: the more, the merrier – if the code is easily available for anyone and everyone to fix bugs, it’s pretty safe. But is it? Or is the saying « all bugs are shallow » only true for

, ,
https://thehackernews.com/2022/11/last-years-open-source-tomorrows.html

Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution

Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution,

IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM).
The issue, characterized as a « neutralization of Special Elements in Output Used by a Downstream Component, » could be abused to result in the execution of remote code or disclosure of sensitive information.
ConnectWise’s

,

IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM).
The issue, characterized as a « neutralization of Special Elements in Output Used by a Downstream Component, » could be abused to result in the execution of remote code or disclosure of sensitive information.
ConnectWise’s

, ,
https://thehackernews.com/2022/11/critical-rce-vulnerability-reported-in.html

Fodcha DDoS Botnet Resurfaces with New Capabilities

Fodcha DDoS Botnet Resurfaces with New Capabilities,

The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal.
This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360’s Network Security Research Lab said in a report published last week.
Fodcha first came to

,

The threat actor behind the Fodcha distributed denial-of-service (DDoS) botnet has resurfaced with new capabilities, researchers reveal.
This includes changes to its communication protocol and the ability to extort cryptocurrency payments in exchange for stopping the DDoS attack against a target, Qihoo 360’s Network Security Research Lab said in a report published last week.
Fodcha first came to

, ,
https://thehackernews.com/2022/10/fodcha-ddos-botnet-resurfaces-with-new.html

Tips for Choosing a Pentesting Company

Tips for Choosing a Pentesting Company,

In today’s world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider?
The sheer number of providers can be daunting, and finding one which can deliver a high-quality test at a

,

In today’s world of automated hacking systems, frequent data breaches and consumer protection regulations such as GDPR and PCI DSS, penetration testing is now an essential security requirement for organisations of all sizes. But what should you look for when choosing the right provider?
The sheer number of providers can be daunting, and finding one which can deliver a high-quality test at a

, ,
https://thehackernews.com/2022/10/tips-for-choosing-pentesting-company.html

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability

Unofficial Patch Released for New Actively Exploited Windows MotW Vulnerability,

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections.
The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a

,

An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections.
The fix, released by 0patch, arrives weeks after HP Wolf Security disclosed a Magniber ransomware campaign that targets users with fake security updates which employ a

, ,
https://thehackernews.com/2022/10/unofficial-patch-released-for-new.html

Samsung Galaxy Store Bug Could’ve Let Hackers Secretly Install Apps on Targeted Devices

Samsung Galaxy Store Bug Could’ve Let Hackers Secretly Install Apps on Targeted Devices

,

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones.
The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue

,

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones.
The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug that occurs when handling certain deep links. An independent security researcher has been credited with reporting the issue

, ,
https://thehackernews.com/2022/10/samsung-galaxy-store-bug-couldve-let.html

GitHub Repojacking Bug Could’ve Allowed Attackers to Takeover Other Users’ Repositories

GitHub Repojacking Bug Could’ve Allowed Attackers to Takeover Other Users’ Repositories

,

Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks.
The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular repository namespace retirement, which aims to prevent developers from pulling unsafe repositories with

,

Cloud-based repository hosting service GitHub has addressed a high-severity security flaw that could have been exploited to create malicious repositories and mount supply chain attacks.
The RepoJacking technique, disclosed by Checkmarx, entails a bypass of a protection mechanism called popular repository namespace retirement, which aims to prevent developers from pulling unsafe repositories with

, ,
https://thehackernews.com/2022/10/github-repojacking-bug-couldve-allowed.html

Filtre anti-arnaque et cyberscore : les boucliers numériques du gouvernement pour renforcer notre cybersécurité

Filtre anti-arnaque et cyberscore : les boucliers numériques du gouvernement pour renforcer notre cybersécurité,

Filtre anti-arnaque et cyberscore : les boucliers numériques du gouvernement pour renforcer notre cybersécurité

Face à la « jungle » numérique, le gouvernement français entend développer un étiquetage de la sécurité des sites et services numériques. Ainsi qu’une extension pour navigateur chargée de lutter contre les arnaques en ligne.

,

Filtre anti-arnaque et cyberscore : les boucliers numériques du gouvernement pour renforcer notre cybersécurité

Face à la « jungle » numérique, le gouvernement français entend développer un étiquetage de la sécurité des sites et services numériques. Ainsi qu’une extension pour navigateur chargée de lutter contre les arnaques en ligne.

, ,
https://www.01net.com/actualites/filtre-anti-arnaque-et-cyberscore-les-boucliers-numeriques-du-gouvernement-pour-renforcer-notre-cybersecurite.html

Twilio Reveals Another Breach from the Same Hackers Behind the August Hack

Twilio Reveals Another Breach from the Same Hackers Behind the August Hack,

Communication services provider Twilio this week disclosed that it experienced another « brief security incident » in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information.
The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in

,

Communication services provider Twilio this week disclosed that it experienced another « brief security incident » in June 2022 perpetrated by the same threat actor behind the August hack that resulted in unauthorized access of customer information.
The security event occurred on June 29, 2022, the company said in an updated advisory shared this week, as part of its probe into the digital break-in

, ,
https://thehackernews.com/2022/10/twilio-reveals-another-breach-from-same.html

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices

High-Severity Flaws in Juniper Junos OS Affect Enterprise Networking Devices,

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution.
Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo.
« This vulnerability

,

Multiple high-severity security flaws have been disclosed as affecting Juniper Networks devices, some of which could be exploited to achieve code execution.
Chief among them is a remote pre-authenticated PHP archive file deserialization vulnerability (CVE-2022-22241, CVSS score: 8.1) in the J-Web component of Junos OS, according to Octagon Networks researcher Paulos Yibelo.
« This vulnerability

, ,
https://thehackernews.com/2022/10/high-severity-flaws-in-juniper-junos-os.html