![]() |
Description: Come learn how to pry government records from the new Trump administration.
January 13th, 2025 (6 months ago)
|
![]() |
Description: Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. [...]
January 13th, 2025 (6 months ago)
|
![]() |
Description: Dread Pirate Roberts, of the original Silk Road, makes a post about "Why Claims are dangerous to believe."
January 13th, 2025 (6 months ago)
|
![]() |
January 13th, 2025 (6 months ago)
|
![]() |
Description: A Threat Actor Claims to be Selling Data of Insurgentes University
January 13th, 2025 (6 months ago)
|
![]() |
Description: Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar.
January 13th, 2025 (6 months ago)
|
![]() |
Description: New insights into the Gravy Analytics data breach reveal the vast extent of the company’s location-tracking operations and the potential for user de-anonymization. The leaked data, part of a 10 TB dataset, exposes the granular details of individuals’ movements and raises fresh concerns about the security and ethics of location data collection. Looking into the …
The post Leaked Gravy Analytics Data Expose Scale of Location Tracking appeared first on CyberInsider.
January 13th, 2025 (6 months ago)
|
![]() |
Description: Summary
The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature.
After retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating system-specific limitations, particularly when the source and destination paths are on different mount points. This failure could lead to an unexpected program termination.
Details
In method crl.(*FileCache).Set, a temporary file is created in the OS dedicated area (like /tmp for, usually, Linux/Unix). The file is written and then it is tried to move it to the dedicated notation cache directory thanks os.Rename. As specified in Go documentation, OS specific restriction may apply. When used with Linux OS, it is relying on rename syscall from the libc and as per the documentation, moving a file to a different mountpoint raises an EXDEV error, interpreted as Cross device link not permitted error.
Some Linux distribution, like RedHat use a dedicated filesystem (tmpfs), mounted on a specific mountpoint (usually /tmp) for temporary files. When using such OS, revocation check based on CRL will repeatedly crash notation.
PoC
Ensure that the temporary file storage area (e.g., /tmp) is mounted on a different mount point than the user's 'notation' cache directory.
Either disable the Online Certificate Status Protocol (OCSP) revocation check, or utilize certificates that exclusively support Certific...
January 13th, 2025 (6 months ago)
|
![]() |
Description: This issue was identified during Quarkslab's audit of the timestamp feature.
Summary
During the timestamp signature generation, the revocation status of the certificate(s) used to generate the timestamp signature was not verified.
Details
During timestamp signature generation, notation-go did not check the revocation status of the certificate chain used by the TSA. This oversight creates a vulnerability that could be exploited through a Man-in-The-Middle attack. An attacker could potentially use a compromised, intermediate, or revoked leaf certificate to generate a malicious countersignature, which would then be accepted and stored by notation.
Impact
This could lead to denial of service scenarios, particularly in CI/CD environments during signature verification processes because timestamp signature would fail due to the presence of a revoked certificate(s) potentially disrupting operations.
References
https://github.com/notaryproject/notation-go/security/advisories/GHSA-45v3-38pc-874v
https://github.com/notaryproject/notation-go/commit/e99be1954a15673020150c5f8800b8174cd7428d
https://github.com/advisories/GHSA-45v3-38pc-874v
January 13th, 2025 (6 months ago)
|
![]() |
Description: DEFACER KAMPUNG Targeted the Website of HARDZON
January 13th, 2025 (6 months ago)
|