‼ CVE-2022-24279 ‼
📖 Read
via "National Vulnerability Database".
The package madlib-object-utils before 0.1.8 are vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27425 ‼
📖 Read
via "National Vulnerability Database".
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27421 ‼
📖 Read
via "National Vulnerability Database".
Chamilo LMS v1.11.13 lacks validation on the user modification form, allowing attackers to escalate privileges to Platform Admin.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29281 ‼
📖 Read
via "National Vulnerability Database".
Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).📖 Read
via "National Vulnerability Database".
🕴 Google Emergency Update Fixes Chrome Zero-Day 🕴
📖 Read
via "Dark Reading".
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.📖 Read
via "Dark Reading".
Dark Reading
Google Emergency Update Fixes Chrome Zero-Day
Google patches a critical flaw in its Chrome browser, bringing its count of zero-day vulnerabilities fixed in 2022 to four.
‼ CVE-2022-1365 ‼
📖 Read
via "National Vulnerability Database".
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.📖 Read
via "National Vulnerability Database".
⚠ Yet another Chrome zero-day emergency update – patch now! ⚠
📖 Read
via "Naked Security".
The third emergency Chrome 0-day in three months - the first one was exploited by North Korea, so you might as well get this one ASAP.📖 Read
via "Naked Security".
👍1
‼ CVE-2022-29020 ‼
📖 Read
via "National Vulnerability Database".
ForestBlog through 2022-02-16 allows admin/profile/save userAvatar XSS during addition of a user avatar.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29287 ‼
📖 Read
via "National Vulnerability Database".
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an attacker with user management rights (default is Administrator) to export the user options of any user, even ones with higher privileges (like Global Administrators) than the current user. The exported XML contains every option of the exported user (even the hashed password).📖 Read
via "National Vulnerability Database".
🕴 Upgrades for Spring Framework Have Stalled 🕴
📖 Read
via "Dark Reading".
Upgrading and fixing the vulnerability in the Spring Framework doesn't seem to have the same level of urgency or energy as patching the Log4j library did back in December📖 Read
via "Dark Reading".
Dark Reading
Upgrades for Spring Framework Have Stalled
Upgrading and fixing the vulnerability in the Spring Framework doesn't seem to have the same level of urgency or energy as patching the Log4j library did back in December.
👍1
📢 Cloud security market to hit $106 billion by 2029 📢
📖 Read
via "ITPro".
The Asian-Pacific region is expected to see the highest growth rate over the forecast period📖 Read
via "ITPro".
IT PRO
Cloud security market to hit $106 billion by 2029 | IT PRO
The Asian-Pacific region is expected to see the highest growth rate over the forecast period
📢 Authorities finally confirm leading hacker platform RaidForums has been seized 📢
📖 Read
via "ITPro".
A 21-year-old was arrested in the UK in connection with the prolific hacker platform📖 Read
via "ITPro".
IT PRO
Authorities finally confirm leading hacker platform RaidForums has been seized | IT PRO
A 21-year-old was arrested in the UK in connection with the prolific hacker platform
📢 Denonia named as first malware to target AWS Lambda platform 📢
📖 Read
via "ITPro".
Deployment demonstrates how attackers are using advanced cloud-specific knowledge to exploit complex cloud infrastructure, Cado Security says📖 Read
via "ITPro".
IT PRO
Denonia named as first malware to target AWS Lambda platform | IT PRO
Deployment demonstrates how attackers are using advanced cloud-specific knowledge to exploit complex cloud infrastructure, Cado Security says
📢 DuckDuckGo app arrives on Mac 📢
📖 Read
via "ITPro".
New browser app comes with a cookie popup blocker and a password manager📖 Read
via "ITPro".
IT PRO
DuckDuckGo app arrives on Mac | IT PRO
New browser app comes with a cookie popup blocker and a password manager
📢 Ransomware activity falls 25% in Q1 2022 📢
📖 Read
via "ITPro".
The drop in ransomware has been attributed to larger ransomware gangs being less active compared to the end of 2021📖 Read
via "ITPro".
IT PRO
Ransomware activity falls 25% in Q1 2022 | IT PRO
The drop in ransomware has been attributed to larger ransomware gangs being less active compared to the end of 2021
📢 Critical security flaw discovered in NFT marketplace Rarible 📢
📖 Read
via "ITPro".
If exploited, the vulnerability could have led to the theft of NFTs and crypto tokens in a single transaction📖 Read
via "ITPro".
IT PRO
Critical security flaw discovered in NFT marketplace Rarible | IT PRO
If exploited, the vulnerability could have led to the theft of NFTs and crypto tokens in a single transaction
📢 The pros and cons of net neutrality 📢
📖 Read
via "ITPro".
Still on the fence about net neutrality? Here are both sides of the argument📖 Read
via "ITPro".
IT PRO
The pros and cons of net neutrality | IT PRO
Still on the fence about net neutrality? Here are both sides of the argument
📢 T-Mobile allegedly tried to buy leaked data from a hacker forum for $200k 📢
📖 Read
via "ITPro".
The stolen information was still up for sale long after payment, court papers suggest📖 Read
via "ITPro".
IT PRO
T-Mobile allegedly tried to buy leaked data from a hacker forum for $200k | IT PRO
The stolen information was still up for sale long after payment, court papers suggest
📢 17 Windows 10 problems - and how to fix them 📢
📖 Read
via "ITPro".
Tips and tricks for everything from upgrade issues and freeing up storage, to solving privacy errors and using safe mode📖 Read
via "ITPro".
ITPro
17 common Windows 10 problems and how to fix them
Tips and tricks to help you solve the most common Windows 10 problems, whether that's freeing up storage or handling safe mode
📢 Shiseido reportedly suffers data breach 📢
📖 Read
via "ITPro".
The Japanese cosmetics company has been accused of failing to notify affected staff of the leak📖 Read
via "ITPro".
IT PRO
Shiseido reportedly suffers data breach | IT PRO
The Japanese cosmetics company has been accused of failing to notify affected staff of the leak
📢 Microsoft's massive 145-vulnerability Patch Tuesday fixes ten critical exploits 📢
📖 Read
via "ITPro".
This month's round of patches is now available with some exploits proving to be particularly dangerous📖 Read
via "ITPro".
ITPro
Microsoft's massive 145-vulnerability Patch Tuesday fixes ten critical exploits
This month's round of patches is now available with some exploits proving to be particularly dangerous