π΄ More Security Flaws Found in Apple's OS Technologies π΄
π Read
via "Dark Reading".
Apple's updates this week included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.π Read
via "Dark Reading".
Dark Reading
More Security Flaws Found in Apple's OS Technologies
Apple's latest updates included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.
β Apple fixes Safari data leak (and patches a zero-day!) β update now β
π Read
via "Naked Security".
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
Latest episode β listen now!
β Conti, DeadBolt Target Delta, QNAP β
π Read
via "Threat Post".
QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been crippled.π Read
via "Threat Post".
Threat Post
Conti, DeadBolt Ransomwares Target Delta, QNAP
QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronicsβ network has been crippled.
β Shlayer and Bundlore MacOS Malware Strains β How Uptycs EDR Detection Can Help β
π Read
via "Threat Post".
MacOS malware Shlayer and Bundlore may have variations, but the behavior of their attacks have not changed β attacking older macOS versions and poorly-protected websites.π Read
via "Threat Post".
Threat Post
Shlayer and Bundlore MacOS Malware Strains β How Uptycs EDR Detection Can Help
Ashwin Vamshi Adware strains Shlayer and Bundlore are the most common malware in macOS β although they have slight variations, they have long invaded and bypassed Xprotect, Notarization, Gatekeeper, and File Quarantine, all security features pre-built intoβ¦
βΌ CVE-2021-42791 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate.π Read
via "National Vulnerability Database".
ποΈ US governmentβs βzero trustβ roadmap calls time on perimeter-based paradigm ποΈ
π Read
via "The Daily Swig".
Federal agencies have a little over two years to fundamentally remodel cyber defensesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US governmentβs βzero trustβ roadmap calls time on perimeter-based paradigm
Federal agencies have a little over two years to fundamentally remodel cyber defenses
β Happy Data Privacy Day β and we really do mean βhappyβ :-) β
π Read
via "Naked Security".
We give you some simple digital lifesytle tips that cost nothing.π Read
via "Naked Security".
Naked Security
Happy Data Privacy Day β and we really do mean βhappyβ :-)
We give you some simple digital lifesytle tips that cost nothing.
β Zerodium Spikes Payout for Zero-Click Outlook Zero-Days β
π Read
via "Threat Post".
The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.π Read
via "Threat Post".
Threat Post
Zerodium Spikes Payout for Zero-Click Outlook Zero-Days
The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.
βΌ CVE-2022-23098 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44249 βΌ
π Read
via "National Vulnerability Database".
Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23863 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23097 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45435 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-25905 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerabilty exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23096 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.π Read
via "National Vulnerability Database".
π¦Ώ Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January π¦Ώ
π Read
via "Tech Republic".
The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.π Read
via "Tech Republic".
TechRepublic
Kaspersky stopped more than 30,000 attempts to use the Log4Shell exploit in January
The critical remote code execution vulnerability in Apache's Log4j utility continues to be a popular tactic for cybercriminals. Consider this yet another plea to patch your systems.
π΄ The Looming CISO Mental Health Crisis β and What to Do About It, Part 1 π΄
π Read
via "Dark Reading".
The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.π Read
via "Dark Reading".
Dark Reading
The Looming CISO Mental Health Crisis β and What to Do About It, Part 1
The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.
βΌ CVE-2021-34073 βΌ
π Read
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22294 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in ZFAKA<=1.43 which an attacker can use to complete SQL injection in the foreground and add a background administrator account.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45898 βΌ
π Read
via "National Vulnerability Database".
SuiteCRM before 7.12.3 and 8.x before 8.0.2 allows local file inclusion.π Read
via "National Vulnerability Database".