‼ CVE-2016-20013 ‼
via "National Vulnerability Database".
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
‼ CVE-2022-24979 ‼
via "National Vulnerability Database".
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site Includes (ESI) content element renderer component does not include an access check. This allows an unauthenticated user to render various content elements, resulting in insecure direct object reference (IDOR), with the potential of exposing internal content elements.
‼ CVE-2022-25256 ‼
via "National Vulnerability Database".
SAS Web Report Studio 4.4 allows XSS. /SASWebReportStudio/logonAndRender.do has two parameters: saspfs_request_backlabel_list and saspfs_request_backurl_list. The first one affects the content of the button placed in the top left. The second affects the page to which the user is directed after pressing the button, e.g., a malicious web page. In addition, the second parameter executes JavaScript, which means XSS is possible by adding a javascript: URL.
‼ CVE-2022-0678 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
‼ CVE-2022-0630 ‼
via "National Vulnerability Database".
Out-of-bounds Read in Homebrew mruby prior to 3.2.
‼ CVE-2022-0632 ‼
via "National Vulnerability Database".
NULL Pointer Dereference in Homebrew mruby prior to 3.2.
‼ CVE-2022-0690 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
‼ CVE-2016-1239 ‼
via "National Vulnerability Database".
duck before 0.10 did not properly handle loading of untrusted code from the current directory.
📢 IT Pro News In Review: Nvidia breaks off Arm deal, FCDO security attack, Microsoft to disable VBA 📢
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes
📢 Texas sues Facebook for misusing facial recognition data 📢
via "ITPro".
State wants up to $25,000 per alleged violation for discontinued program
📢 Mid-sized businesses on hackers’ 2022 hit list, cyber agencies warn 📢
via "ITPro".
Cyber criminals are "shifting away from big-game hunting", say FBI and NCSC
📢 Google doubles bug bounty rewards for Linux, Kubernetes exploits 📢
via "ITPro".
The increased rewards are said to align better with the community's expectations of a bug bounty programme of this kind
📢 What is a 502 Bad Gateway and how do you fix it? 📢
via "ITPro".
We explain what the 502 Bad Gateway networking error means for users and website owners, and some potential steps for fixing it
📢 Apple users told to update their devices to fix critical WebKit flaw 📢
via "ITPro".
The security flaw allowed code execution on a range of devices and represents the third major vulnerability to be patched by Apple this year
📢 Google and competition watchdog agree on rules governing cookie policy changes 📢
via "ITPro".
The news comes as the European Publishers Council (EPC) issued a European Commission antitrust complaint against Google
📢 Coinbase Super Bowl marketing stunt prompts debate over QR code security 📢
via "ITPro".
Experts are torn over QR codes and whether the cyber security threat they theoretically present is actually enough to warrant genuine concern in real-world scenarios
📢 Google Chrome update fixes zero-day under active exploitation 📢
via "ITPro".
Google releases a fresh wave of patches for severe vulnerabilities that could facilitate code execution and system takeover via Google Chrome
📢 Data protection policies and procedures 📢
via "ITPro".
Why your company needs them, and what they should include
📢 Hackers to face 25 years in jail for cyber attacks on Australia's national infrastructure 📢
via "ITPro".
The proposals aim to update current laws to account for cyber threats like ransomware
📢 Cyber security startups pull in record-breaking investment in 2021 📢
via "ITPro".
Data suggests high-profile data breaches led to a greater number of transactions valued at $100 million or more