CVE-2022-1534
via "National Vulnerability Database".
Buffer over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
Data breach at US healthcare provider ARcare impacts 345,000 individuals
via "The Daily Swig".
Sensitive medical and other personal data was potentially exposed
Ambient.ai Expands Computer Vision Capabilities for Better Building Security
via "Dark Reading".
The AI startup releases new threat signatures to expand the computer vision platform's ability to identify potential physical security incidents from camera feeds.
TOR Virtual Network Tunneling Tool 0.4.7.7
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
Security Turbulence in the Cloud: Survey Says…
via "Threat Post".
Exclusive Threatpost research examines organizations' top cloud security concerns, attitudes towards zero-trust and DevSecOps.
CVE-2022-1536
via "National Vulnerability Database".
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home</title><script>alert("home")</script><title> leads to cross-site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used.
CVE-2021-44596
via "National Vulnerability Database".
Wondershare LTD Dr. Fone, version as of 2021-12-06, is affected by remote code execution. Due to software design flaws, an unauthenticated user can communicate over UDP with the "InstallAssistService.exe" service (which runs under SYSTEM privileges) and manipulate it from a remote location to execute a malicious executable without any validation, gaining SYSTEM privileges.
CVE-2021-44595
via "National Vulnerability Database".
Wondershare Dr. Fone, latest version as of 2021-12-06, is vulnerable to incorrect access control. A normal user can send manually crafted packets to ElevationService.exe and execute arbitrary code without any validation with SYSTEM privileges.
CVE-2021-41942
via "National Vulnerability Database".
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.
Take a Diversified Approach to Encryption
via "Dark Reading".
Encryption will break, so it's important to mix and layer different encryption methods.
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]
via "Naked Security".
Latest episode - listen now!
Bug Bounty Radar // The latest bug bounty programs for May 2022
via "The Daily Swig".
New web targets for the discerning hacker
IT Pro News in Review: Vulnerable Lenovo laptops, record EE 5G speeds, Okta ends LAPSUS$ probe
via "ITPro".
Catch up on the biggest headlines of the week in just two minutes
DDoS attacks surge to record numbers in 2022 as a result of Russia-Ukraine war
via "ITPro".
Cases this year saw some of the longest-lasting DDoS attacks ever seen as hacktivists assembled to take on their enemies in the ongoing cyber war between Russia and Ukraine
Encryption battle plays out in Australian Parliament
via "ITPro".
The opposition said that the government is "addicted to secrecy"
Best VPN services 2022
via "ITPro".
With remote working on the rise, we round up the best tried and tested VPN services
AWS launches quantum random number generator
via "ITPro".
The cloud giant is using an Australian university's technology to help customers access random numbers for experiments through an API
Exclusive: Former Shiseido staff say company was aware of data breach weeks before official notice
via "ITPro".
Fake companies were created using the stolen identities of hundreds of Shiseido employees, former staff claim
Microsoft announces lucrative new bug bounty awards for M365 products and services
via "ITPro".
The new awards will focus on scenario-based weaknesses and offer bonuses of up to 30% for the most severe bugs
Funky Pigeon site offline after "cyber incident"
via "ITPro".
The WH Smith-owned card site has reported the breach to "the relevant regulators"
Tech leaders share how to break into the tech industry
via "ITPro".
"You have to feel like a true member of the IT world before you actually become a member"