CVE-2022-0676
via "National Vulnerability Database".
Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.4.
NFT Investors Lose $1.7M in OpenSea Phishing Attack
via "Threat Post".
Attackers took advantage of a smart-contract migration to swindle 17 users.
Jaw-dropping Coinbase security bug allowed users to steal unlimited cryptocurrency
via "The Daily Swig".
Researcher nets $250,000 for "potentially market-nuking" vulnerability
Hidden Costs of a Data Breach
via "Dark Reading".
Don't consider just the initial costs. Hidden factors include remediation, revenue loss, reputational harm, national security - even human life.
AirTag clone bypassed Apple's tracking-protection features, claims researcher
via "The Daily Swig".
Third-party app allegedly outperforms Find My service by detecting the DIY device
Report: Missouri Governor's Office Responsible for Teacher Data Leak
via "Krebs on Security".
Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they…
French speakers blasted by sextortion scams with no text or links
via "Naked Security".
You'd spot this one a mile away... but what about your friends or family?
CVE-2022-0665
via "National Vulnerability Database".
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.
I2P 1.7.0
via "Packet Storm Security".
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
WordPress backup plugin maker Updraft says "You should update"…
via "Naked Security".
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!
IRS: Selfies Now Optional, Biometric Data to Be Deleted
via "Krebs on Security".
The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, the privately-held Virginia company that runs the agency's identity proofing system. The IRS also said any biometric data already shared with ID.me would be permanently deleted over the next few weeks, and any biometric data provided for new signups will be destroyed after an account is created.
Xenomorph Malware Burrows into Google Play Users, No Facehugger Required
via "Threat Post".
Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.
CVE-2021-46162
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048)
CVE-2022-0712
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.
CVE-2021-46699
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061)
DHS Privacy Office Wants More Ways to Protect Data
via "Digital Guardian".
The department's Chief Privacy Officer is hoping to build systems designed to prioritize the protection and confidentiality of consumer information by design.
Name That Toon: Out in the Cold
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
Cyberattackers Cook Up Employee Personal Data Heist for Meyer
via "Threat Post".
The Conti gang breached the cookware giant's network, prepping thousands of employees' personal data for consumption by cybercrooks.
CVE-2022-0714
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-23608
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1, when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed. The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys), leading to undefined behavior such as dialog list collision, which eventually leads to an endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
CVE-2022-0713
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4.