🛡 Cybersecurity & Privacy 🛡 - News

2021-08-31 21:33:59 CVE-2021-39164

Matrix is an ecosystem for open federated Instant Messaging and Voice over IP. In versions 1.41.0 and prior, unauthorised users can access the membership (list of members, with their display names) of a room if they know the ID of the room. The vulnerability is limited to rooms with `shared` history visibility. Furthermore, the unauthorised user must be using an account on a vulnerable homeserver that is in the room. Server administrators should upgrade to 1.41.1 or later in order to receive the patch. One workaround is available. Administrators of servers that use a reverse proxy could, with potentially unacceptable loss of functionality, block the endpoints: `/_matrix/client/r0/rooms/{room_id}/members` with `at` query parameter, and `/_matrix/client/unstable/rooms/{room_id}/members` with `at` query parameter.

Read

via "National Vulnerability Database". Open / Comment

2021-08-31 20:14:36 Skimming the CREAM – recursive withdrawals loot $13M in cryptocash

Recursion [noun]: see recursion.

Read

via "Naked Security". Open / Comment

2021-08-31 20:14:35 Big bad decryption bug in OpenSSL – but no cause for alarm

The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk.

Read

via "Naked Security". Open / Comment

2021-08-31 20:11:38 Data compliance: "The world is still waking up to the challenges ahead," expert says

Bringing together siloed data from all parts of the business is a huge challenge to IT departments when meeting compliance requirements.

Read

via "Tech Republic". Open / Comment

2021-08-31 20:11:36 Data privacy, governance and insights are all important obligations for businesses

Expert: Information management can also lead to a massive value proposition in being able to tap into governed data for business insights.

Read

via "Tech Republic". Open / Comment

2021-08-31 19:36:38 GNU Privacy Guard 2.2.30

GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.

Read

via "Packet Storm Security". Open / Comment

2021-08-31 19:36:36 Hashcat Advanced Password Recovery 6.2.4 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.

Read

via "Packet Storm Security". Open / Comment

2021-08-31 19:36:34 Flawfinder 2.0.19

Flawfinder searches through source code for potential security flaws, listing potential security flaws sorted by risk, with the most potentially dangerous flaws shown first. This risk level depends not only on the function, but on the values of the parameters of the function.

Read

via "Packet Storm Security". Open / Comment

2021-08-31 19:36:32 Hashcat Advanced Password Recovery 6.2.4 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.

Read

via "Packet Storm Security". Open / Comment

2021-08-31 19:36:30 Dr Checker 4 Linux

This is an LLVM based tool to audit Linux kernel module security using both pointer and taint analyses that are flow-sensitive, context-sensitive, and fieldsensitive on kernel drivers. It is port of Dr. Checker.

Read

via "Packet Storm Security". Open / Comment