[HackerNews] Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services

Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. 
Tracked as CVE-2021-41556, the issue occurs when a game library referred to as Squirrel Engine is used

Source: Read More (The Hacker News)

You might be interested in …

[HackerNews] Reduce Business Risk By Fixing 3 Critical Endpoint-to-Cloud Security Requirements

All posts, HackerNews

Enterprise applications used to live securely in data centers and office employees connected to internal networks using company-managed laptops or desktops. And data was encircled by a walled perimeter to keep everything safe. All that changed in the last 18 months. Businesses and employees had to adapt quickly to cloud technology and remote work. The […]

Read More

[SANS ISC] Can you make the Great Chinese Firewall work for you?, (Tue, Oct 19th)

All posts, Sans-ISC

ve often been cited as being blocked. Adding them to the mail server’s banner should also expose them before, for example, STARTTLS is activated. I used my mail server as an example for several reasons: It receives almost no actual email, but pretty much only spam. A large number of brute-forcing and other connections to […]

Read More

[SecurityWeek] White House Publishes Federal Zero Trust Strategy

All posts, Security Week

read more Source: Read More (SecurityWeek RSS Feed)

Read More