Curl | Breaking Cybersecurity News | The Hacker News

Image Source: JFrog Security Research Patches have been released for  two security flaws  impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows - CVE-2023-38545  (CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability CVE-2023-38546  (CVSS score: 5.0) - Cookie injection with none file CVE-2023-38545 is the more severe of the two, and has been  described  by the project's lead developer, Daniel Stenberg, as "probably the worst Curl security flaw in a long time." It affects libcurl versions 7.69.0 to and including 8.3.0. "This flaw makes Curl overflow a heap-based buffer in the  SOCKS5  proxy handshake," the maintainers said in an advisory. "When Curl is asked to pass along the hostname to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by Curl itself, the maximum length that hostname can be is 255 bytes.&quo

The maintainers of the  Curl library  have released an advisory warning of two security vulnerabilities that are expected to be addressed as part of an forthcoming update set for release on October 11, 2023. This  includes  a high-severity and a low-severity flaw tracked under the identifiers CVE-2023-38545 and CVE-2023-38546, respectively. Additional details about the issues and the exact version ranges impacted have been withheld owing to the possibility that the information could be used to "help identify the problem (area) with a very high accuracy." That said, the "last several years" of versions of the library are said to be affected.  "Sure, there is a minuscule risk that someone can find this (again) before we ship the patch, but this issue has stayed undetected for years for a reason," Daniel Stenberg, the lead developer behind the project, said in a message posted on GitHub. Curl, powered by libcurl, is a  popular command-line tool  for tra

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.