βΌ CVE-2022-1132 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1130 βΌ
π Read
via "National Vulnerability Database".
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1138 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1096 βΌ
π Read
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1139 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1136 βΌ
π Read
via "National Vulnerability Database".
Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1127 βΌ
π Read
via "National Vulnerability Database".
Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1133 βΌ
π Read
via "National Vulnerability Database".
Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
π’ Russian cyber attacks on Ukraine: What we know so far π’
π Read
via "ITPro".
The conflict between Russia and Ukraine has set the tone for all future wars, and the cyber attacks observed throughout will provide a how-to guide on handling simultaneous cyber and kinetic warfareπ Read
via "ITPro".
IT Pro
Russian cyber attacks on Ukraine: What we know so far
The conflict between Russia and Ukraine has set the tone for all future wars, and the cyber attacks observed throughout will provide a how-to guide on handling simultaneous cyber and kinetic warfare
π’ Mysterious MacOS spyware discovered using public cloud storage as its control server π’
π Read
via "ITPro".
Researchers have warned that little is known about the 'CloudMensis' malware, including how it is distributed and who is behind itπ Read
via "ITPro".
IT PRO
Mysterious MacOS spyware discovered using public cloud storage as its control server | IT PRO
Researchers have warned that little is known about the 'CloudMensis' malware, including how it is distributed and who is behind it
π’ Hackers hiding malicious links in top Google search results, researchers warn π’
π Read
via "ITPro".
Malicious adverts made to resemble links to websites are targeting some of the worldβs most popular websitesπ Read
via "ITPro".
IT PRO
Hackers hiding malicious links in top Google search results, researchers warn | IT PRO
Malicious adverts made to resemble links to websites are targeting some of the worldβs most popular websites
π’ (ISC)2 offers free cyber security certifications to one million people π’
π Read
via "ITPro".
The scheme builds on the earlier efforts to provide 100,000 people in the UK with free cyber security trainingπ Read
via "ITPro".
IT PRO
(ISC)2 offers free cyber security certifications to one million people | IT PRO
The scheme builds on the earlier efforts to provide 100,000 people in the UK with free cyber security training
π’ GPS tracker exploit puts the world's most high-value individuals in real-world danger π’
π Read
via "ITPro".
Vulnerabilities in a GPS tracker used by governments, militaries, and Fortune 50 companies could be used to track the locations of high-value targets and disable emergency service vehiclesπ Read
via "ITPro".
IT PRO
GPS tracker exploit puts the world's most high-value individuals in real-world danger | IT PRO
Vulnerabilities in a GPS tracker used by governments, militaries, and Fortune 50 companies could be used to track the locations of high-value targets and disable emergency service vehicles
π’ Sophos announces new X-Ops unit to streamline defence against cyber attacks π’
π Read
via "ITPro".
New team unifies vendorβs threat response, labs, and AI teams of cybersecurity expertsπ Read
via "ITPro".
IT PRO
Sophos announces new X-Ops unit to streamline defence against cyber attacks | IT PRO
New team unifies vendorβs threat response, labs, and AI teams of cybersecurity experts
π’ Romanian man extradited to US over Gozi virus hacking charges π’
π Read
via "ITPro".
The man allegedly ran a service that helped cyber criminals distribute the Gozi virus which ended up infecting over one million computers worldwide, including some which belonged to NASAπ Read
via "ITPro".
IT PRO
Romanian man extradited to US over Gozi virus hacking charges | IT PRO
The man allegedly ran a service that helped cyber criminals distribute the Gozi virus which ended up infecting over one million computers worldwide, including some which belonged to NASA
π’ Data on 69 million Neopets users stolen and listed for sale on hacker forum π’
π Read
via "ITPro".
Email addresses, passwords, and zip codes are all thought to have been stolen by the hackerπ Read
via "ITPro".
IT PRO
Data on 69 million Neopets users stolen and listed for sale on hacker forum | IT PRO
Email addresses, passwords, and zip codes are all thought to have been stolen by the hacker
π1
π’ Pax8 teams up with Nord Security to bolster security offering π’
π Read
via "ITPro".
Pax8βs cloud marketplace now offers SASE solution NordLayer and the NordPass password managerπ Read
via "ITPro".
IT PRO
Pax8 teams up with Nord Security to bolster security offering | IT PRO
Pax8βs cloud marketplace now offers SASE solution NordLayer and the NordPass password manager
π’ Zoom adds end-to-end encryption to Zoom Phone and Breakout Rooms π’
π Read
via "ITPro".
Users will need to be on the same Zoom account for E2EE for Zoom Calls to workπ Read
via "ITPro".
IT PRO
Zoom adds end-to-end encryption to Zoom Phone and Breakout Rooms | IT PRO
Users will need to be on the same Zoom account for E2EE for Zoom Calls to work
π’ HTTP vs HTTPS: What difference does it make to security? π’
π Read
via "ITPro".
We look at the difference between HTTPS and HTTP and tell you how to switch between themπ Read
via "ITPro".
IT PRO
HTTP vs HTTPS: What difference does it make to security? | IT PRO
We look at the difference between HTTPS and HTTP and tell you how to switch between them
βΌ CVE-2022-24294 βΌ
π Read
via "National Vulnerability Database".
A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The bug could be exploited when loading a model in Apache MXNet that has a specially crafted operator name that would cause the regular expression evaluation to use excessive resources to attempt a match. This issue affects Apache MXNet versions prior to 1.9.1.π Read
via "National Vulnerability Database".
π€1
βΌ CVE-2021-46829 βΌ
π Read
via "National Vulnerability Database".
GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems.π Read
via "National Vulnerability Database".