Security Leftovers
-
Sleuth Untrusted USB Communication With USBValve
USB devices are now ubiquitous and, from an information security standpoint, this is a terrifying prospect, as malicious software can potentially be injected into a system by plugging in a compromised USB stick. To help get some peace of mind, [Cesare Pizzi] created USBValve to help expose suspicious USB activity on the fly.
-
Severe Django ReDoS Bug Fixed
It was discovered that in Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels in emails and URLs (CVE-2023-36053).
-
GPAC DoS, Code Execution Flaws Fixed
Multiple severe security issues were discovered in the GPAC multimedia framework, including a heap-based Buffer Overflow in the GitHub repository gpac/gpac before V2.1.0-DEV (CVE-2023-0760) and a NULL Pointer Dereference in the GitHub repository gpac/gpac before 2.2.2 (CVE-2023-3012). These vulnerabilities have received a National Vulnerability Database base score of 7.8 out of 10 ("High" severity).
-
Microsoft breach: sec experts say vendors should not charge logging tax
Well-known American security expert Jake Williams has weighed in on the recent breach of Microsoft's cloud at a number of government agencies, saying that it was not acceptable that any security provider should charge a logging tax.
-
'METIOR' Defense Blueprint Against Side-Channel Vulnerabilities Debuts
A research team with MIT has put forward a side-channel attack mitigation framework that aims to objectively and quantitatively measure the impact of certain known and unknown side-channel attacks. 'METIOR' aims to bring cybersecurity closer to the chip design space.