rdela, 1 month ago to apple

Risky Biz News: #Sisense breach has CISA and everyone else panicking

In other news: #Apple sends mercenary #spyware notifications in 92 countries; US prepares a full #Kasperksy ban; #BatBadBut bug impacts multiple programming languages.
@campuscodi
https://news.risky.biz/risky-biz-news-sisense-breach-has-cisa-and-everyone-else-panicking/

ethauvin, 1 month ago to rust

Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks

#batbadbut #cve #rustlang

https://thehackernews.com/2024/04/critical-batbadbut-rust-vulnerability.html?utm_medium=erik.in&utm_source=mastodon

83r71n, 1 month ago to Cybersecurity

A critical vulnerability, named BatBadBut, was discovered in the Rust programming language, affecting not just Rust but also Erlang, Go, Python, Ruby, and potentially others. This vulnerability, with a severity score of 10/10, could allow attackers to execute arbitrary commands on Windows systems by exploiting how Rust handles batch files. The issue arises from Rust's standard library improperly escaping arguments when invoking batch files on Windows, leading to potential command injection. The vulnerability has been addressed with a fix in Rust version 1.77.2, which developers are urged to update to. Other programming languages and systems, including Node.js, PHP, and Java, are also affected and are working on patches.

https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/

https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html

#cybersecurity #rust #batbadbut #vulnerability #erlang #go #python #ruby #nodejs #php #java #windows #commandinjection #RyotaK #Grub4K #flattsecurity