#thisweekinsecurity

rixty_dixet@squeet.me

#ThisWeekinSecurity: #Oracle #Opera, #Passkeys, and #AirTag #RFC

There’s a problem with Opera. No, not that kind of opera. The Oracle kind. Oracle OPERA is a Property Management Solution (PMS) that is in use in a bunch of big-name hotels around the world. The PMS is the system that handles reservations and check-ins, talks to the phone system to put room extensions in the proper state, and generally runs the back-end of the property. It’s old code, and handles a bunch of tasks. And researchers at Assetnote found a serious vulnerability. CVE-2023-21932 is an arbitrary file upload issue, and rates at least a 7.2 CVSS.

https://hackaday.com/2023/05/05/this-week-in-security-oracle-opera-passkeys-and-airtag-rfc/

rixty_dixet@squeet.me

#ThisWeekInSecurity: #Git #Deep #Dive, #Mailchimp, and #SPF

First up, git has been audited. This was an effort sponsored by the Open Source Technology Improvement Fund (OSTIF), a non-profit working to improve the security of Open Source projects. The audit itself was done by researchers from X41 and GitLab, and two critical vulnerabilities were found, both caused by the same bad coding habit — using an int to hold buffer lengths.

https://hackaday.com/2023/01/20/this-week-in-security-git-deep-dive-mailchimp-and-spf/ #ThisWeekInSecurity