βΌ CVE-2022-20242 βΌ
π Read
via "National Vulnerability Database".
In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231986212π Read
via "National Vulnerability Database".
βΌ CVE-2022-20247 βΌ
π Read
via "National Vulnerability Database".
In Media, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-229858836π Read
via "National Vulnerability Database".
βΌ CVE-2022-28754 βΌ
π Read
via "National Vulnerability Database".
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20403 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2022-20404 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-205714161References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2022-35676 βΌ
π Read
via "National Vulnerability Database".
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0734 βΌ
π Read
via "National Vulnerability Database".
In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. This could lead to local information disclosure of an installed package, without proper query permissions, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-189122911π Read
via "National Vulnerability Database".
βΌ CVE-2022-34264 βΌ
π Read
via "National Vulnerability Database".
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20245 βΌ
π Read
via "National Vulnerability Database".
In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-215005011π Read
via "National Vulnerability Database".
βΌ CVE-2022-28753 βΌ
π Read
via "National Vulnerability Database".
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35665 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20407 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2022-35666 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35678 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.001.20169 (and earlier), 20.005.30362 (and earlier) and 17.012.30249 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
ποΈ Browser-powered desync: New class of HTTP request smuggling attacks showcased at Black Hat USA ποΈ
π Read
via "The Daily Swig".
Renowned researcher James Kettle demonstrates his latest attack technique in Las Vegasπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Browser-powered desync: New class of HTTP request smuggling attacks showcased at Black Hat USA
Renowned researcher James Kettle demonstrates his latest attack technique in Las Vegas
π΄ New Cross-Industry Group Launches Open Cybersecurity Framework π΄
π Read
via "Dark Reading".
18 companies led by Amazon and Splunk announced the OCSF framework, to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications.π Read
via "Dark Reading".
Dark Reading
New Cross-Industry Group Launches Open Cybersecurity Framework
Eighteen companies, led by Amazon and Splunk, announced the OCSF framework to provide a standard way for sharing threat detection telemetry among different monitoring tools and applications.
π΄ 4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls π΄
π Read
via "Dark Reading".
More than 1 million instances of firewalls running Cisco Adaptive Security Appliance (ASA) software have four vulnerabilities that undermine its security, a researcher finds.π Read
via "Dark Reading".
Dark Reading
4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls
More than 1 million instances of firewalls running Cisco Adaptive Security Appliance (ASA) software have four vulnerabilities that undermine its security, a researcher finds.
βοΈ It Might Be Our Data, But Itβs Not Our Breach βοΈ
π Read
via "Krebs on Security".
A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm's analysis of the data suggests it corresponds to current and former customers of AT&T. The telecommunications giant stopped short of saying the data wasn't theirs, but it maintains the records do not appear to have come from its systems and may be tied to a previous data incident at another company.π Read
via "Krebs on Security".
Krebs on Security
It Might Be Our Data, But Itβs Not Our Breach
A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans. The firm's analysis of the data suggestsβ¦
π΄ Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage π΄
π Read
via "Dark Reading".
Even among businesses with cyber insurance, they lack coverage for basic costs of many cyberattacks, according to a BlackBerry survey.π Read
via "Dark Reading".
Dark Reading
Cyber-Insurance Fail: Most Businesses Lack Ransomware Coverage
Even among businesses with cyber insurance, they lack coverage for basic costs of many cyberattacks, according to a BlackBerry survey.
π1
π΄ Supply-Chain Security Startup Phylum Wins the First Black Hat Innovation Spotlight π΄
π Read
via "Dark Reading".
Up-and-coming companies shoot their shot in a new feature introduced at the 25th annual cybersecurity conference.π Read
via "Dark Reading".
Dark Reading
Supply Chain Security Startup Phylum Wins the First Black Hat Innovation Spotlight
Up-and-coming companies shoot their shot in a new feature introduced at the 25th annual cybersecurity conference.
π΄ After Colonial Pipeline, Critical Infrastructure Operators Remain Blind to Cyber-Risks π΄
π Read
via "Dark Reading".
In her keynote address at Black Hat USA 2022, Kim Zetter gives scathing rebuke of Colonial Pipeline attack.π Read
via "Dark Reading".
Dark Reading
After Colonial Pipeline, Critical Infrastructure Operators Remain Blind to Cyber-Risks
In her keynote address at Black Hat USA 2022, Kim Zetter gives a scathing rebuke of Colonial Pipeline for not foreseeing the attack.