π’ The governmentβs anti-encryption campaign shows itβs learned nothing from the war on drugs π’
π Read
via "ITPro".
Criminalisation has almost always backfired through history, pushing illicit materials further into the hands of criminalsπ Read
via "ITPro".
IT PRO
The governmentβs anti-encryption campaign shows itβs learned nothing from the war on drugs | IT PRO
Criminalisation has almost always backfired through history, pushing illicit materials further into the hands of criminals
βΌ CVE-2022-21933 βΌ
π Read
via "National Vulnerability Database".
ASUS VivoMini/Mini PC device has an improper input validation vulnerability. A local attacker with system privilege can use system management interrupt (SMI) to modify memory, resulting in arbitrary code execution for controlling the system or disrupting service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0326 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in Homebrew mruby prior to 3.2.π Read
via "National Vulnerability Database".
ποΈ BitLocker encryption: Clear text key storage prompts security debate online ποΈ
π Read
via "The Daily Swig".
Many are questioning why keys are saved in the clear ahead of sign-inπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
BitLocker encryption: Clear text key storage prompts security debate online
Many are questioning why keys are saved in the clear ahead of sign-in
βΌ CVE-2022-0318 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in Conda vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0329 βΌ
π Read
via "National Vulnerability Database".
Code Injection in Conda loguru prior to master.π Read
via "National Vulnerability Database".
ποΈ Open debug mode in Cisco mobile networking software created critical security hole ποΈ
π Read
via "The Daily Swig".
Patch issued after testing engineers uncover RCE threatπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Open debug mode in Cisco mobile networking software created critical security hole
Patch issued after testing engineers uncover RCE threat
β Spyware Blitzes Compromise, Cannibalize ICS Networks β
π Read
via "Threat Post".
The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.π Read
via "Threat Post".
Threat Post
Spyware Blitzes Compromise, Cannibalize ICS Networks
The brief spearphishing campaigns spread malware and use compromised networks to steal credentials that can be sold or used to commit financial fraud.
π΄ Looking Beyond Biden's Binding Security Directive π΄
π Read
via "Dark Reading".
Implementing these and other security procedures will greatly improve the security posture of the United States and its private partners.π Read
via "Dark Reading".
Dark Reading
Looking Beyond Biden's Binding Security Directive
Implementing these and other security procedures will greatly improve the security posture of the United States and its private partners.
βΌ CVE-2022-0319 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Read in Conda vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19858 βΌ
π Read
via "National Vulnerability Database".
Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy.π Read
via "National Vulnerability Database".
βΌ CVE-2020-19860 βΌ
π Read
via "National Vulnerability Database".
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.π Read
via "National Vulnerability Database".
ποΈ Was COMELEC hacked? Philippines Commission on Elections casts doubt on data breach claims ποΈ
π Read
via "The Daily Swig".
Local newspaper alleges that usernames and PINs of vote-counting machines were stolenπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Was COMELEC hacked? Philippines Commission on Elections casts doubt on data breach claims
Local newspaper alleges that usernames and PINs of vote-counting machines were stolen
β S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript] β
π Read
via "Naked Security".
Latest epsiode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]
Latest epsiode β listen now!
ποΈ European Commission launches new open source software bug bounty program ποΈ
π Read
via "The Daily Swig".
Hackers are invited to test services used by EU agenciesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
European Commission launches new open source software bug bounty program
Hackers are invited to test services used by EU agencies
β Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft β
π Read
via "Naked Security".
The company has put out a brief security report that summarises the 'what', but not yet the 'how' or 'why'.π Read
via "Naked Security".
Naked Security
Cryptocoin broker Crypto.com says 2FA bypass led to $35m theft
The company has put out a brief security report that summarises the βwhatβ, but not yet the βhowβ or βwhyβ.
βΌ CVE-2021-46201 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameterv in /orms/ node.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40855 βΌ
π Read
via "National Vulnerability Database".
The EU Technical Specifications for Digital COVID Certificates before 1.1 mishandle certificate governance. A non-production public key certificate could have been used in production.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46200 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46307 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-35003 βΌ
π Read
via "National Vulnerability Database".
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer C90 1.0.6 Build 20200114 rel.73164(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14655.π Read
via "National Vulnerability Database".