January 17th, 2025
CVE-2024-48460
Description: An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information: the client sends the SSH username and password to the server even when host key verification fails, so a server presenting a wrong or changed host key still receives the user's credentials.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-48460
https://github.com/Eugeny/tabby/issues/9955
https://github.com/Eugeny/tabby/commit/1c077147acd0a6ec9f8ee80d83a3e9688fbb9444
https://github.com/advisories/GHSA-8vq4-8hfp-29xh
EPSS Score: 0.04%
January 17th, 2025
Description: Impact
Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least under the default JupyterHub configuration of enable_subdomains = False.
#1915 disables a protection that would otherwise stop a user, Alice, from crafting a page that embeds formgrader in an IFrame. If Bob visits that page, his browser sends his credentials and loads the formgrader page inside the frame. Because Alice's page is on the same origin as the formgrader iframe, JavaScript on Alice's page has full access to the contents of the page served by formgrader using Bob's credentials.
Workarounds
Disable frame-ancestors: 'self', or
enable per-user and per-service subdomains with JupyterHub.enable_subdomains = True (then, even if embedding in an IFrame is allowed, the host page is cross-origin to the frame and cannot read its contents).
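The two browser decisions behind the Impact and Workarounds sections above, written out as an added example (this is not nbgrader's or JupyterHub's code): first, whether the frame's Content-Security-Policy frame-ancestors directive lets Alice's page embed formgrader at all; second, whether the same-origin policy then lets her script read the embedded document. The hub host name, the /services/formgrader/ path and the subdomain layout used for the hardened case are assumed for illustration.

```javascript
// Added example, not code from nbgrader or JupyterHub. Models how a browser
// decides (1) whether a page may embed a frame under the frame's
// frame-ancestors directive and (2) whether the embedding page's script may
// read the frame's DOM (same-origin policy). URLs below are assumed.

// Parse a CSP header into a map of directive name -> source list.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    directives.set(tokens[0].toLowerCase(), tokens.slice(1));
  }
  return directives;
}

// The origin (scheme://host[:port]) is what the same-origin policy compares.
function originOf(url) {
  return new URL(url).origin;
}

// Does frame-ancestors on the resource at frameUrl allow hostPageUrl to embed it?
// Handles 'none', 'self' and explicit host sources (the cases the advisory
// discusses); wildcard and scheme-only sources are deliberately not modelled.
function frameAncestorsAllows(cspHeader, frameUrl, hostPageUrl) {
  const sources = parseCsp(cspHeader).get("frame-ancestors");
  if (sources === undefined) return true; // no directive: embedding unrestricted
  const host = originOf(hostPageUrl);
  const frame = originOf(frameUrl);
  for (const src of sources) {
    const s = src.replace(/^'|'$/g, "").toLowerCase();
    if (s === "none") return false;
    if (s === "self") {
      if (host === frame) return true;
      continue;
    }
    try {
      if (originOf(s) === host) return true; // explicit host source matched
    } catch (_) {
      // not a parseable URL (e.g. a bare hostname); ignored in this model
    }
  }
  return false;
}

// What a script on hostPageUrl can do with <iframe src=frameUrl>.
function evaluateEmbedding(cspHeader, frameUrl, hostPageUrl) {
  const embeddable = frameAncestorsAllows(cspHeader, frameUrl, hostPageUrl);
  // iframe.contentDocument is only accessible when the origins match.
  const readable = embeddable && originOf(hostPageUrl) === originOf(frameUrl);
  return { embeddable, readable };
}

// Default hub layout (enable_subdomains = False, assumed host name): Alice's
// user server and the formgrader service share one origin.
const SINGLE_ORIGIN = {
  alicePage: "https://hub.example.org/user/alice/files/lure.html",
  formgrader: "https://hub.example.org/services/formgrader/",
};
// Per-user / per-service subdomains (enable_subdomains = True); the exact
// hostnames JupyterHub generates are not reproduced here, only the fact that
// the two resources end up on different origins.
const SUBDOMAINS = {
  alicePage: "https://alice.hub.example.org/files/lure.html",
  formgrader: "https://formgrader.services.hub.example.org/",
};

const WEAK_CSP = "frame-ancestors 'self'"; // what #1915 enabled
const STRICT_CSP = "frame-ancestors 'none'"; // JupyterHub's default

// Summarise the four configurations the advisory contrasts.
function scenarios() {
  return {
    selfSingleOrigin: evaluateEmbedding(WEAK_CSP, SINGLE_ORIGIN.formgrader, SINGLE_ORIGIN.alicePage),
    noneSingleOrigin: evaluateEmbedding(STRICT_CSP, SINGLE_ORIGIN.formgrader, SINGLE_ORIGIN.alicePage),
    selfSubdomains: evaluateEmbedding(WEAK_CSP, SUBDOMAINS.formgrader, SUBDOMAINS.alicePage),
    // embedding explicitly allowed, but cross-origin: frame loads, DOM stays opaque
    allowAliceSubdomains: evaluateEmbedding(
      "frame-ancestors 'self' https://alice.hub.example.org",
      SUBDOMAINS.formgrader, SUBDOMAINS.alicePage),
  };
}

console.table(scenarios());
```

Only the first row (frame-ancestors 'self' on a single-origin hub) yields embeddable and readable both true, which is the condition the advisory describes: the frame loads with Bob's cookies and Alice's script can read it. The last row shows the point made in the second workaround: once subdomains separate the origins, even a policy that allows Alice's page to embed formgrader leaves the frame's contents unreadable.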
References
https://github.com/jupyter/nbgrader/security/advisories/GHSA-fcr8-4r9f-r66m
https://github.com/jupyter/nbgrader/pull/1915
https://github.com/jupyter/nbgrader/commit/73e137511ac1dc02e95790d4fd6d4d88dab42325
https://jupyterhub.readthedocs.io/en/stable/explanation/websecurity.html#:~:text=frame-ancestors (JupyterHub documentation on why and when frame-ancestors: 'self' is insecure, and why it is disabled by default)
https://github.com/advisories/GHSA-fcr8-4r9f-r66m
January 17th, 2025
Description: This is Behind the Blog, where we share our behind-the-scenes thoughts about how a few of our top stories of the week came together. This week, we discuss joylessness in the AI industry and the TikTok ban.
January 17th, 2025
Description: The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker, for his role in the recent Treasury breach, along with a company associated with the Salt Typhoon threat group. [...]
January 17th, 2025
Description: Microsoft has fixed a known issue that caused Microsoft 365 applications and Classic Outlook to crash on Windows Server 2016 or Windows Server 2019 systems. [...]
January 17th, 2025
Description: The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year's Salt Typhoon security breaches. [...]
January 17th, 2025
Description: On Wednesday, Google pushed various Gemini capabilities to business and enterprise customers, including the ability to summarize the contents of emails.
January 17th, 2025
Description: Security researcher Simone Margaritelli has publicly disclosed a critical vulnerability in Apple’s Common UNIX Printing System (CUPS), revealing that the service fails to verify TLS certificates. This flaw allows attackers on the same network to impersonate IPP-over-HTTPS (IPPS) printers and intercept, modify, or redirect print jobs — potentially exposing sensitive data and enabling broader system …
The post Apple’s CUPS Printing System Vulnerable to Spoofing Attacks appeared first on CyberInsider.