Tux Machines
Security Leftovers
Posted by Roy Schestowitz on Jul 17, 2023
Sleuth Untrusted USB Communication With USBValve
USB devices are now ubiquitous and, from an information security standpoint, this is a terrifying prospect, as malicious software can potentially be injected into a system by plugging in a compromised USB stick. To help get some peace of mind, [Cesare Pizzi] created USBValve to help expose suspicious USB activity on the fly.
Severe Django ReDoS Bug Fixed
It was discovered that in Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial-of-service) attack via a very large number of domain name labels in email addresses and URLs (CVE-2023-36053).
GPAC DoS, Code Execution Flaws Fixed
Multiple severe security issues were discovered in the GPAC multimedia framework, including a heap-based buffer overflow in the GitHub repository gpac/gpac before V2.1.0-DEV (CVE-2023-0760) and a NULL pointer dereference in the GitHub repository gpac/gpac before 2.2.2 (CVE-2023-3012). These vulnerabilities have received a National Vulnerability Database base score of 7.8 out of 10 ("High" severity).
Microsoft breach: sec experts say vendors should not charge logging tax
Well-known American security expert Jake Williams has weighed in on the recent breach of Microsoft's cloud at a number of government agencies, saying that it was not acceptable that any security provider should charge a logging tax.
'METIOR' Defense Blueprint Against Side-Channel Vulnerabilities Debuts
A research team at MIT has put forward a side-channel attack mitigation framework that aims to objectively and quantitatively measure the impact of certain known and unknown side-channel attacks. 'METIOR' aims to bring cybersecurity closer to the chip design space.