⚠ Chrome browser gets 11 security fixes with 1 zero-day – update now! ⚠
📖 Read
via "Naked Security".
Don't delay - patch today.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
👍1
🕴 7 Smart Ways to Secure Your E-Commerce Site 🕴
📖 Read
via "Dark Reading".
Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.📖 Read
via "Dark Reading".
Dark Reading
7 Smart Ways to Secure Your E-Commerce Site
Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.
‼ CVE-2022-37459 ‼
📖 Read
via "National Vulnerability Database".
Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2021-45454 ‼
📖 Read
via "National Vulnerability Database".
Ampere Altra before SRP 1.08b and Altra Max? before SRP 2.05 allow information disclosure of power telemetry via HWmon.📖 Read
via "National Vulnerability Database".
🗓️ Swiss Post relaunches e-voting bug bounty program 🗓️
📖 Read
via "The Daily Swig".
Ethical hackers invited to stress test election infrastructure📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Swiss Post relaunches e-voting bug bounty program
Ethical hackers invited to stress test election infrastructure
🕴 ThreatX Raises $30 Million in Series B Funding to Accelerate Growth in Global API Protection Market 🕴
📖 Read
via "Dark Reading".
Funds will support product development and market expansion for ThreatX, which delivers real-time protection for APIs and Web apps against complex botnets, DDoS, and multimode attacks.📖 Read
via "Dark Reading".
Dark Reading
ThreatX Raises $30 Million in Series B Funding to Accelerate Growth in Global API Protection Market
Funds will support product development and market expansion for ThreatX, which delivers real-time protection for APIs and Web apps against complex botnets, DDoS, and multimode attacks.
🕴 AuditBoard Launches Third-Party Risk Management Solution, Empowering Enterprises to Tackle IT Vendor Risk at Scale 🕴
📖 Read
via "Dark Reading".
Solution streamlines the assessment, monitoring, and remediation of third-party risk for information security, compliance, and risk teams.📖 Read
via "Dark Reading".
Dark Reading
AuditBoard Launches Third-Party Risk Management Solution, Empowering Enterprises to Tackle IT Vendor Risk at Scale
Solution streamlines the assessment, monitoring, and remediation of third-party risk for information security, compliance, and risk teams.
❌ APT Lazarus Targets Engineers with macOS Malware ❌
📖 Read
via "Threat Post".
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.📖 Read
via "Threat Post".
Threat Post
APT Lazarus Targets Engineers with macOS Malware
The North Korean APT is using a fake job posting for Coinbase in a cyberespionage campaign targeting users of both Apple and Intel-based systems.
🕴 Thoma Bravo Closes $6.9B Acquisition of Identity-Security Vendor SailPoint 🕴
📖 Read
via "Dark Reading".
All-cash transaction deal that was first announced in April means SailPoint is no longer a publicly traded company.📖 Read
via "Dark Reading".
Dark Reading
Thoma Bravo Closes $6.9B Acquisition of Identity-Security Vendor SailPoint
All-cash transaction deal that was first announced in April means SailPoint is no longer a publicly traded company.
‼ CVE-2022-38149 ‼
📖 Read
via "National Vulnerability Database".
HashiCorp Consul Template through 0.29.1 inserts Sensitive Information into a Log File.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36186 ‼
📖 Read
via "National Vulnerability Database".
A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2845 ‼
📖 Read
via "National Vulnerability Database".
Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217.📖 Read
via "National Vulnerability Database".
🤔1
‼ CVE-2022-36190 ‼
📖 Read
via "National Vulnerability Database".
GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30262 ‼
📖 Read
via "National Vulnerability Database".
The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31262 ‼
📖 Read
via "National Vulnerability Database".
An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.📖 Read
via "National Vulnerability Database".
🕴 China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure 🕴
📖 Read
via "Dark Reading".
The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.📖 Read
via "Dark Reading".
Dark Reading
China-Backed RedAlpha APT Builds Sprawling Cyber-Espionage Infrastructure
The state-sponsored group particularly targets organizations working on behalf of the Uyghurs, Tibet, and Taiwan, looking to gather intel that could lead to human-rights abuses, researchers say.
🕴 'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries 🕴
📖 Read
via "Dark Reading".
A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets.📖 Read
via "Dark Reading".
Dark Reading
'Operation Sugarush' Mounts Concerning Spy Effort on Shipping, Healthcare Industries
A suspected Iranian threat actor known as UNC3890 is gathering intel that could be used for kinetic strikes against global shipping targets.
🕴 When Countries Are Attacked: Making the Case for More Private-Public Cooperation 🕴
📖 Read
via "Dark Reading".
The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent.📖 Read
via "Dark Reading".
Dark Reading
When Countries Are Attacked: Making the Case for More Private-Public Cooperation
The increased sophistication of cyberattacks makes them more widely damaging and difficult to prevent.
‼ CVE-2022-36191 ‼
📖 Read
via "National Vulnerability Database".
A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22455 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989.📖 Read
via "National Vulnerability Database".
🕴 'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections 🕴
📖 Read
via "Dark Reading".
The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip.📖 Read
via "Dark Reading".
Dark Reading
'DarkTortilla' Malware Wraps in Sophistication for High-Volume RAT Infections
The stealthy crypter, active since 2015, has been used to deliver a wide range of information stealers and RATs at a rapid, widespread clip.
👍1