βΌ CVE-2018-25045 βΌ
π Read
via "National Vulnerability Database".
Django REST framework (aka django-rest-framework) before 3.9.1 allows XSS because the default DRF Browsable API view templates disable autoescaping.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1146 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1129 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1137 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1125 βΌ
π Read
via "National Vulnerability Database".
Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1128 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1132 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1130 βΌ
π Read
via "National Vulnerability Database".
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1138 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1096 βΌ
π Read
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1139 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1136 βΌ
π Read
via "National Vulnerability Database".
Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1127 βΌ
π Read
via "National Vulnerability Database".
Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1133 βΌ
π Read
via "National Vulnerability Database".
Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
π’ Russian cyber attacks on Ukraine: What we know so far π’
π Read
via "ITPro".
The conflict between Russia and Ukraine has set the tone for all future wars, and the cyber attacks observed throughout will provide a how-to guide on handling simultaneous cyber and kinetic warfareπ Read
via "ITPro".
IT Pro
Russian cyber attacks on Ukraine: What we know so far
The conflict between Russia and Ukraine has set the tone for all future wars, and the cyber attacks observed throughout will provide a how-to guide on handling simultaneous cyber and kinetic warfare
π’ Mysterious MacOS spyware discovered using public cloud storage as its control server π’
π Read
via "ITPro".
Researchers have warned that little is known about the 'CloudMensis' malware, including how it is distributed and who is behind itπ Read
via "ITPro".
IT PRO
Mysterious MacOS spyware discovered using public cloud storage as its control server | IT PRO
Researchers have warned that little is known about the 'CloudMensis' malware, including how it is distributed and who is behind it
π’ Hackers hiding malicious links in top Google search results, researchers warn π’
π Read
via "ITPro".
Malicious adverts made to resemble links to websites are targeting some of the worldβs most popular websitesπ Read
via "ITPro".
IT PRO
Hackers hiding malicious links in top Google search results, researchers warn | IT PRO
Malicious adverts made to resemble links to websites are targeting some of the worldβs most popular websites
π’ (ISC)2 offers free cyber security certifications to one million people π’
π Read
via "ITPro".
The scheme builds on the earlier efforts to provide 100,000 people in the UK with free cyber security trainingπ Read
via "ITPro".
IT PRO
(ISC)2 offers free cyber security certifications to one million people | IT PRO
The scheme builds on the earlier efforts to provide 100,000 people in the UK with free cyber security training
π’ GPS tracker exploit puts the world's most high-value individuals in real-world danger π’
π Read
via "ITPro".
Vulnerabilities in a GPS tracker used by governments, militaries, and Fortune 50 companies could be used to track the locations of high-value targets and disable emergency service vehiclesπ Read
via "ITPro".
IT PRO
GPS tracker exploit puts the world's most high-value individuals in real-world danger | IT PRO
Vulnerabilities in a GPS tracker used by governments, militaries, and Fortune 50 companies could be used to track the locations of high-value targets and disable emergency service vehicles
π’ Sophos announces new X-Ops unit to streamline defence against cyber attacks π’
π Read
via "ITPro".
New team unifies vendorβs threat response, labs, and AI teams of cybersecurity expertsπ Read
via "ITPro".
IT PRO
Sophos announces new X-Ops unit to streamline defence against cyber attacks | IT PRO
New team unifies vendorβs threat response, labs, and AI teams of cybersecurity experts
π’ Romanian man extradited to US over Gozi virus hacking charges π’
π Read
via "ITPro".
The man allegedly ran a service that helped cyber criminals distribute the Gozi virus which ended up infecting over one million computers worldwide, including some which belonged to NASAπ Read
via "ITPro".
IT PRO
Romanian man extradited to US over Gozi virus hacking charges | IT PRO
The man allegedly ran a service that helped cyber criminals distribute the Gozi virus which ended up infecting over one million computers worldwide, including some which belonged to NASA