Tux Machines

Security Leftovers

Posted by Roy Schestowitz on Mar 29, 2023

CVE-2023-28755: ReDoS vulnerability in URI

=> ↺ CVE-2023-28755: ReDoS vulnerability in URI

We have released the uri gem versions 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1 that have a security fix for a ReDoS vulnerability. This vulnerability has been assigned the CVE identifier CVE-2023-28755.

=> ↺ CVE-2023-28755

A ReDoS issue was discovered in the URI component. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects.
The uri gem versions 0.12.0, 0.11.0, 0.10.1, 0.10.0 and all versions prior to 0.10.0 are vulnerable to this vulnerability.

Hackers used spyware made in Spain to target users in the UAE, Google says | TechCrunch

=> ↺ Hackers used spyware made in Spain to target users in the UAE, Google says | TechCrunch

Security researchers say they have seen hackers targeting victims using spyware developed by a Spanish company.

New Zealand intelligence agencies concerned over foreign nation cyberattacks

=> ↺ New Zealand intelligence agencies concerned over foreign nation cyberattacks

The New Zealand Intelligence and Security Committee Monday held its annual review, with cyberattacks being the primary concern across reports.

Twitter source code leaked on GitHub has been removed [Ed: Microsoft deletes code again... for Elon Musk and Saudi dictators]

=> ↺ Twitter source code leaked on GitHub has been removed

A portion of the social media site’s source code was posted on GitHub shortly after widespread layoffs at Twitter.

Security Vulnerabilities in Snipping Tools [Ed: Microsoft TCO]

=> ↺ Security Vulnerabilities in Snipping Tools

Both Google's Pixel's Markup Tool and the Windows Snipping Tool have vulnerabilities that allow people to partially recover content that was edited out of images.

=> ↺ Google's Pixel's Markup Tool | ↺ Windows Snipping Tool

Network Data Collector Placement Makes a Difference, (Tue, Mar 28th)

=> ↺ Network Data Collector Placement Makes a Difference, (Tue, Mar 28th)

A previous diary [1] described processing some local PCAP data with Zeek. This data was collected using tcpdump on a DShield Honeypot. When looking at the Zeek connection logs, the connection state information was unexpected. To help understand why, we will compare data from different locations on the network and process the data in a similar way.