CVE-2022-38234
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
CVE-2022-38231
via "National Vulnerability Database".
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.
CVE-2022-35434
via "National Vulnerability Database".
jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c.
Microsoft Rolls Out Tamper Protection for Macs
via "Dark Reading".
The tamper protection feature detects attempts to modify files and processes for Microsoft Defender for Endpoints on macOS.
CVE-2022-25799
via "National Vulnerability Database".
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.5.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.
CVE-2021-42052
via "National Vulnerability Database".
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter.
CVE-2022-2871
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.
Developers still struggling with security issues during code reviews, study finds
via "The Daily Swig".
The road to DevSecOps isn't always the smoothest
US offers reward "up to $10 million" for information about the Conti gang
via "Naked Security".
Wanted - Reward Offered - Five unknown individuals (plus a man with a weird hat)
Chrome browser gets 11 security fixes with 1 zero-day - update now!
via "Naked Security".
Don't delay - patch today.
7 Smart Ways to Secure Your E-Commerce Site
via "Dark Reading".
Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.
CVE-2022-37459
via "National Vulnerability Database".
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
CVE-2021-45454
via "National Vulnerability Database".
Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon.
Swiss Post relaunches e-voting bug bounty program
via "The Daily Swig".
Ethical hackers invited to stress test election infrastructure
ThreatX Raises $30 Million in Series B Funding to Accelerate Growth in Global API Protection Market
via "Dark Reading".
Funds will support product development and market expansion for ThreatX, which delivers real-time protection for APIs and Web apps against complex botnets, DDoS, and multimode attacks.
AuditBoard Launches Third-Party Risk Management Solution, Empowering Enterprises to Tackle IT Vendor Risk at Scale
via "Dark Reading".
Solution streamlines the assessment, monitoring, and remediation of third-party risk for information security, compliance, and risk teams.
APT Lazarus Targets Engineers with macOS Malware
via "Threat Post".
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
Thoma Bravo Closes $6.9B Acquisition of Identity-Security Vendor SailPoint
via "Dark Reading".
All-cash transaction deal that was first announced in April means SailPoint is no longer a publicly traded company.
CVE-2022-38149
via "National Vulnerability Database".
HashiCorp Consul Template through 0.29.1 inserts Sensitive Information into a Log File.
CVE-2022-36186
via "National Vulnerability Database".
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full() at filter_core/filter_pid.c:5250, which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.
CVE-2022-2845
via "National Vulnerability Database".
Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217.