Patch Tuesday, October 2024 Edition

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity tools.

Is path traversal a valid vulnerability for a Windows desktop application?

I have a small .NET console application that the user launches on their local machine, passing a path argument to which the application writes a file.
Can this be considered a path traversal vulnerability?
I was thinking this is not…

Is XML Encryption 1.1 Key Agreement test cases decryption possible in .NET? [closed]

I have asked this already on Stack Overflow, but got a suggestion to ask in this community too.
I’m working on implementing an XML encrypting / decrypting application in .NET with support for ECDH-ES because clients will use EC key pairs t…

What's the safest way to store a 2FA/MFA secret key in a database?

I am trying to implement a secure user login in my .NET application. The first password is hashed with Argon2id. The salt and the hashed password are stored in a database. SSL encryption and an HttpOnly cookie are used.
Now I want to add a multifacto…