Firefox patches two in-the-wild exploits - update now!
Read via "Naked Security".
Firefox just published a double-zero-day patch - "remote code execution" combined with "sandbox escape". Update now!
CVE-2022-26487
Read via "National Vulnerability Database".
Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allow remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic).
CVE-2022-26490
Read via "National Vulnerability Database".
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
CVE-2022-0868
Read via "National Vulnerability Database".
Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10.
CVE-2021-44748
Read via "National Vulnerability Database".
A vulnerability affecting F-Secure SAFE browser was discovered whereby the browser loads images automatically. This vulnerability can be exploited remotely by an attacker to execute JavaScript, which can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability.
CVE-2021-44749
Read via "National Vulnerability Database".
A vulnerability affecting F-Secure SAFE browser protection was discovered: improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution.
CVE-2022-0697
Read via "National Vulnerability Database".
Open Redirect in GitHub repository archivy/archivy prior to 1.7.0.
CVE-2021-4199
Read via "National Vulnerability Database".
Incorrect Permission Assignment for Critical Resource vulnerability in the crash handling component BDReinit.exe as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools for Windows allows a remote attacker to escalate local privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.3.146.
CVE-2021-4198
Read via "National Vulnerability Database".
A NULL Pointer Dereference vulnerability in the messaging_ipc.dll component as used in Bitdefender Total Security, Internet Security, Antivirus Plus, Endpoint Security Tools, VPN Standalone allows an attacker to arbitrarily crash product processes and generate crashdump files. This issue affects: Bitdefender Total Security versions prior to 26.0.3.29. Bitdefender Internet Security versions prior to 26.0.3.29. Bitdefender Antivirus Plus versions prior to 26.0.3.29. Bitdefender Endpoint Security Tools versions prior to 7.2.2.92. Bitdefender VPN Standalone versions prior to 25.5.0.48.
After a Busy December, Attacks on Log4j Vulnerability Dropped
Read via "Dark Reading".
While attackers and researchers shift their attention to the next new vulnerability, security teams make sure they finish patching vulnerable Log4j versions in their applications and services.
Utah privacy bill places tighter controls on consumer data
Read via "The Daily Swig".
Policymakers move forward with new data privacy legislation
Why the World Needs a Global Collective Cyber Defense
Read via "Dark Reading".
This sort of approach would enable cross-company and cross-sector threat information sharing, an effort that would allow companies to easily turn data into actionable insights.
CVE-2022-0754
Read via "National Vulnerability Database".
SQL Injection in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVE-2022-0755
Read via "National Vulnerability Database".
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.
CVE-2022-0756
Read via "National Vulnerability Database".
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
Read via "Threat Post".
Both vulnerabilities are use-after-free issues in Mozilla's popular web browser.
Fresh flaws in Facebook Canvas earn bug bounty hunter a second payday
Read via "The Daily Swig".
Next-level account takeover
Nvidia's Stolen Code-Signing Certs Used to Sign Malware
Read via "Threat Post".
Nvidia certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.
Industrial Systems See More Vulnerabilities, Greater Threat
Read via "Dark Reading".
The makers of operational technology and connected devices saw reported vulnerabilities grow by half in 2021, but other trends may be more disturbing.
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
Read via "Threat Post".
The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked.
CVE-2021-38989
Read via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951.