#js

### Summary sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. ### Impact This bug impacts clients using any variation of KeylessVerifier.verify() Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients...

Discover the future of eCommerce with bespoke app development. Learn how tailored solutions enhance user experience, security, and performance while empowering businesses to meet unique needs and gain a competitive edge.

Affected versions use deno_core releases that expose `Deno.core.ops.op_panic` to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime. It can be fixed by stubbing out the exposed op: ```javascript Deno.core.ops.op_panic = (msg) => { throw new Error(msg) }; ```

Affected versions use deno_core releases that expose `Deno.core.ops.op_panic` to the JS runtime in the base core This function when called triggers a manual panic in the thread containing the runtime, breaking sandboxing It can be fixed by stubbing out the exposed op: ```javascript Deno.core.ops.op_panic = (msg) => { throw new Error(msg) }; ```

Earlier today, a publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 3, 2024. These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished. We are asking all Solana app developers to upgrade to version 1.95.8. Developers pinned to `latest` should also upgrade to 1.95.8. Developers that suspect t...

Cybersecurity researchers are alerting to a software supply chain attack targeting the popular @solana/web3.js npm library that involved pushing two malicious versions capable of harvesting users' private keys with an aim to drain their cryptocurrency wallets. The attack has been detected in versions 1.95.6 and 1.95.7. Both these versions are no longer available for download from the npm

A novel backdoor malware and a loader that customizes payload names for each victim have been added to the threat group's cybercriminal tool set.

The Acronis Cyber Protect appliance, in its default configuration, allows the anonymous registration of new protect/backup agents on new endpoints. This API endpoint also generates bearer tokens which the agent then uses to authenticate to the appliance. As the management web console is running on the same port as the API for the agents, this bearer token is also valid for any actions on the web console. This allows an attacker with network access to the appliance to start the registration of a new agent, retrieve a bearer token that provides admin access to the available functions in the web console. The web console contains multiple possibilities to execute arbitrary commands on both the agents (e.g., via PreCommands for a backup) and also the appliance (e.g., via a Validation job on the agent of the appliance). These options can easily be set with the provided bearer token, which leads to a complete compromise of all agents and the appliance itself.

This Metasploit module exploits a missing authentication vulnerability affecting FortiManager and FortiManager Cloud devices to achieve unauthenticated RCE with root privileges. The vulnerable FortiManager versions are 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, and 6.2.0 through 6.2.12. The vulnerable FortiManager Cloud versions are 7.4.1 through 7.4.4, 7.2.1 through 7.2.7, 7.0.1 through 7.0.12, and 6.4 (all versions).

Debian Linux Security Advisory 5815-2 - The update for needrestart announced as DSA 5815-1 introduced a regression reporting false positives for processes running in chroot or mountns. Updated packages are now available to correct this issue.