Update 10/8/2023 Data carrier indicated that there was a failure of one of their core routers. They have replaced it […]
All posts by admin
Lastpass: Hackers stole customer vault data in cloud storage breach
LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident.
VU#730793: Heimdal Kerbos vulnerable to remotely triggered NULL pointer dereference
Overview
The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.
Description
A flawed logical condition allows a malicious actor to remotely trigger a NULL pointer dereference using a crafted negTokenInit token.
Impact
An attacker can use a specially crafted network packet to cause a vulnerable application to crash.
Solution
The latest version of code in the Heimdal master branch fixes the issue. However, the current stable release 7.7.0 does not include the fix.
Acknowledgements
Thanks to the International Continence Society for reporting this issue.
This document was written by Kevin Stephens.
Beware of Caller ID Spoofing
You may not be able to tell right away if an incoming call is spoofed. Be extremely careful about responding to any request for personal identifying information.
5 Types of Remote Access Hacking Exploited During COVID-19
With the rise of a remote working population, “remote hackers” have been re-emerging as well. These remote hackers take advantage […]
Wormhole cryptotrading company turns over $340,000,000 to criminals
This week, cryptocurrency company Wormhole lived up to its name by exposing an exploitable vulnerability that apparently allowed cybercriminals to run off with an eye-watering 120,000 Ether tokens.
Elementor WordPress plugin has a gaping security hole – update now
If you run a WordPress site and you use the Elementor website creation toolkit, you could be at risk of a security hole that combines data leakage and remote code execution.
5 TIPS FOR SPOTTING PHISHING EMAIL
5 TIPS FOR SPOTTING PHISHING EMAIL Every day countless phishing emails are sent to unsuspecting victims. While some of these [...]
Read more
April COVID 19 Update
First and foremost, we hope that this update finds you and your friends and family safe, healthy and secure. At […]
COVID-19 Update
We want to extend a personal note to all of our vendors and customers to let you know how we, […]
Recent Posts
-
VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models
-
VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows
-
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks
-
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks
-
VU#417980: Implementations of UDP-based application protocols are vulnerable to network loops