Popular JWT cloud security library patches “remote” code execution hole

It’s remotely triggerable, but attackers would already have pretty deep network access if they could “prime” your server for compromise.
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.
That infamous “supercookie” bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
Just when you thought it was safe to relax for the weekend… a critical bug showed up in Apache’s Log4j product
“It is a matter of time before working exploits are available,” warns VMware.
Got Linux? Here’s a bug you weren’t expecting, in software you might not know you have.
by Paul Ducklin Here’s another BWAIN, which is our shorthand for Bug With An Impressive Name. That’s the abbreviation we use for bugs that end up with names, logos and even dedicated websites that are catchy, cool, fancy, important or dramatic, and sometimes even all of these at the same . . .
by Paul Ducklin As you know, our usual advice for Patch Tuesday boils down to four words, “Patch early, patch often.” There were 56 newly-reported vulnerabilities fixed in this month’s patches from Microsoft, with four of them offering attackers the chance of finding remote code execution (RCE) exploits. Remote code . . .
by Paul Ducklin Bug hunter Tavis Ormandy of Google’s Project Zero just discovered a dangerous bug in the GNU Privacy Guard team’s libgcrypt encryption software. The libgcrypt library is an open-source toolkit that anyone can use, but it’s probably best known as the encryption library used by the GNU Privacy . . .
by Paul Ducklin Apple, rather unusually in today’s cybersecurity world, rarely announces that security fixes are on the way. There’s no equivalent of Microsoft’s Patch Tuesday, which is a regular and predictable fixture in anyone’s cybersecurity calendar; there’s no “new version every fourth Tuesday” as there is with Firefox; there’s . . .