FreshRSS

Naked Security

JavaScript bugs aplenty in Node.js ecosystem – found automatically

By: Paul Ducklin - August 30th 2022 at 16:59
How to get the better of bugs in all the possible packages in your supply chain?

Naked Security

Critical cryptographic Java security blunder patched – update now!

By: Paul Ducklin - April 20th 2022 at 16:43
Either know the private key and use it scrupulously in your digital signature calculation.... or just send a bunch of zeros instead.

Naked Security

“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!

By: Paul Ducklin - March 30th 2022 at 20:38
Easy unauthenticated remote code execution - PoC code already out

Naked Security

JavaScript developer destroys own projects in supply chain “lesson”

By: Paul Ducklin - January 11th 2022 at 00:54
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.

Naked Security

Log4Shell-like security hole found in popular Java SQL database engine H2

By: Paul Ducklin - January 7th 2022 at 16:32
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.

Naked Security

Log4Shell vulnerability Number Four: “Much ado about something”

By: Paul Ducklin - December 29th 2021 at 16:12
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.

Naked Security

“Log4Shell” Java vulnerability – how to safeguard your servers

By: Paul Ducklin - December 10th 2021 at 16:22
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product

❌