CVE-2021-44994
via "National Vulnerability Database".
There is an Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' failed at /jerry-core/jmem/jmem-heap.c in JerryScript 3.0.0.
CVE-2021-46478
via "National Vulnerability Database".
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46475
via "National Vulnerability Database".
Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46482
via "National Vulnerability Database".
Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.
IT Pro News In Review: UK four-day working week, cyber crime in schools, GDPR fines of €1bn in 2021
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes
NCSC Cyber Essentials overhaul takes effect
via "ITPro".
Changes to the scope of the government-backed cyber security certification represent the biggest change since the scheme's launch in 2014
Crypto.com confirms $34 million hack caused by 2FA bypass exploit
via "ITPro".
The cryptocurrency exchange previously denied that any customers lost funds despite numerous reports from customers and analysts
Datto's cyber security team catalysed recent Infocyte acquisition
via "ITPro".
Datto said it will take its time integrating Infocyte's endpoint and cloud environment security technology
UK Online Safety Bill a "missed opportunity", MPs claim
via "ITPro".
A DCMS report says the "unclear" draft legislation doesn't do enough to tackle child abuse and violence against women and girls
Openreach offers £20,000 reward for information on stolen copper cables
via "ITPro".
Openreach head of Security Services Richard Ginnaw said that the thefts had "severely impacted" the day-to-day lives of people in Cambridgeshire
CVE-2021-45340
via "National Vulnerability Database".
In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DoS) via a crafted PICT file.
CVE-2021-45341
via "National Vulnerability Database".
A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.
CVE-2022-0268
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.
California public office admits Covid-19 healthcare data breach
via "The Daily Swig".
Some citizens' personal information was available to view online
BRATA Android Trojan Updated with 'Kill Switch' that Wipes Devices
via "Threat Post".
Researchers identify three new versions of the banking trojan that include various new features, including GPS tracking and novel obfuscation techniques.
Tales from the Dark Web, Part 2: Ransomware Stacked With Distribution Services Creates the Perfect Storm
via "Dark Reading".
Security professionals need to understand the actors behind ransomware threats, how they operate and how they continuously find new victims to target
Test Your Team, Not Just Your Disaster Recovery Plan
via "Dark Reading".
Cyberattacks imperil business continuity, but there is a much more common security threat: unintentional human error.
CVE-2021-45803
via "National Vulnerability Database".
MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because this view parameter value is added to the SQL query without additional verification when viewing reservation.
CVE-2021-45845
via "National Vulnerability Database".
The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.
CVE-2022-23033
via "National Vulnerability Database".
arm: guest_physmap_remove_page not removing the p2m mappings. The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes.
CVE-2021-45343
via "National Vulnerability Database".
In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.