Massive Zero-Day Hole Found in Palo Alto Security Appliances
Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.
Researchers have developed a working exploit to gain...
Critical Citrix DDoS Bug Shuts Down Network, Cloud App Access
The distributed computing vendor patched the flaw, affecting Citrix ADC and Gateway, along with another flaw impacting availability for SD-WAN appliances.
A critical security bug in the Citrix Application Delivery...
Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569,...
Vendor: Stark Bank's open-source ECDSA cryptography libraries
Vendor URL: https://starkbank.com/, https://github.com/starkbank/
Versions affected:
- ecdsa-python (https://github.com/starkbank/ecdsa-python) v2.0.0
- ecdsa-java (https://github.com/starkbank/ecdsa-java) v1.0.0
- ecdsa-dotnet (https://github.com/starkbank/ecdsa-dotnet) v1.3.1
- ecdsa-elixir (https://github.com/starkbank/ecdsa-elixir) v1.0.0
- ecdsa-node (https://github.com/starkbank/ecdsa-node) v1.1.2
Author: Paul Bottinelli...
Multiple BusyBox Security Bugs Threaten Embedded Linux Devices
Researchers discovered 14 vulnerabilities in the ‘Swiss Army Knife’ of the embedded OS used in many OT and IoT environments. They allow RCE, denial of service and data leaks.
Researchers...
US Bans Trade With Pegasus Spyware Maker
NSO Group plans to fight the trade ban, saying it’s “dismayed” and clinging to the mantra that its tools actually help to prevent terrorism and crime.
NSO Group –...
BrakTooth Bluetooth Bugs Bite: Exploit Code, PoC Released
CISA is urging vendors to patch, given the release of public exploit code & a proof of concept tool for bugs that open billions of devices – phones, PCs,...
Critical Linux Kernel Bug Allows Remote Takeover
The bug (CVE-2021-43267) exists in a TIPC message type that allows Linux nodes to send cryptographic keys to each other.
A critical heap-overflow security vulnerability in the Transparent Inter Process...
Android Patches Actively Exploited Zero-Day Kernel Bug
Google’s Android November 2021 security updates plug 18 flaws in the framework and system components and 18 more in the kernel and vendor components.
Among Google’s November Android security updates is...
Pirate Sports Streamer Gets Busted, Pivots to MLB Extortion
An alleged sports content pirate is accused of not only hijacking leagues’ streams but also threatening to tell reporters how he accessed their systems.
Demanding payment in exchange for...