π’ IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
ITPro
IT Pro News in Review: UK tech raises $16bn, Microsoft acquires Miburo, largest DDoS attack mitigated
Catch up on the biggest headlines of the week in just two minutes
π’ SolarWinds details 'next generation' software development process π’
π Read
via "ITPro".
The open source approach, which will be shared with the wider community, is a direct response to the SUNBURST cyber attack in 2020π Read
via "ITPro".
IT PRO
SolarWinds details 'next generation' software development process | IT PRO
The open source approach, which will be shared with the wider community, is a direct response to the SUNBURST cyber attack in 2020
π’ Avira Free Security review: An effective antimalware suite, but heavy on the marketing π’
π Read
via "ITPro".
Itβs hard to fully appreciate Aviraβs malware protection when the packaging feels so manipulativeπ Read
via "ITPro".
IT PRO
Avira Free Security review: An effective antimalware suite, but heavy on the marketing | IT PRO
Itβs hard to fully appreciate Aviraβs malware protection when the packaging feels so manipulative
π’ BRATA malware has evolved to target online banking across Europe, researchers warn π’
π Read
via "ITPro".
The new variant can now access SMS, GPS, and device control to better steal financial dataπ Read
via "ITPro".
IT PRO
BRATA malware has evolved to target online banking across Europe, researchers warn | IT PRO
The new variant can now access SMS, GPS, and device control to better steal financial data
π’ Okta sets aside $1 million to support cyber security training for non-profits π’
π Read
via "ITPro".
One of the projects receiving a grant will help civil society organisations in Ukraine to strengthen their cyber securityπ Read
via "ITPro".
IT PRO
Okta sets aside $1 million to support cyber security training for non-profits | IT PRO
One of the projects receiving a grant will help civil society organisations in Ukraine to strengthen their cyber security
π’ Quantum is 'the future of AWS system security', Amazon claims π’
π Read
via "ITPro".
With third major quantum investment, AWS sets stage for next decade of network infrastructureπ Read
via "ITPro".
IT PRO
Quantum is 'the future of AWS system security', Amazon claims | IT PRO
With third major quantum investment, AWS sets stage for next decade of network infrastructure
π’ How secure is Gmail? π’
π Read
via "ITPro".
The practical steps you should take to secure your Gmail account, from implementing 2FA to performing regular checkupsπ Read
via "ITPro".
IT PRO
How secure is Gmail? | IT PRO
The practical steps you should take to secure your Gmail account, from implementing 2FA to performing regular checkups
βΌ CVE-2020-27509 βΌ
π Read
via "National Vulnerability Database".
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34495 βΌ
π Read
via "National Vulnerability Database".
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34494 βΌ
π Read
via "National Vulnerability Database".
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.π Read
via "National Vulnerability Database".
βΌ CVE-2020-9754 βΌ
π Read
via "National Vulnerability Database".
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33202 βΌ
π Read
via "National Vulnerability Database".
Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-33146 βΌ
π Read
via "National Vulnerability Database".
Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1846 βΌ
π Read
via "National Vulnerability Database".
The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attackπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1573 βΌ
π Read
via "National Vulnerability Database".
The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change themπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1095 βΌ
π Read
via "National Vulnerability Database".
The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2022-1572 βΌ
π Read
via "National Vulnerability Database".
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary fileπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0722 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40897 βΌ
π Read
via "National Vulnerability Database".
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2217 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40895 βΌ
π Read
via "National Vulnerability Database".
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements.π Read
via "National Vulnerability Database".