βΌ CVE-2022-32793 βΌ
π Read
via "National Vulnerability Database".
Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32811 βΌ
π Read
via "National Vulnerability Database".
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32834 βΌ
π Read
via "National Vulnerability Database".
An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32840 βΌ
π Read
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2018-14519 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32894 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32810 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2018-14520 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32813 βΌ
π Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32838 βΌ
π Read
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files.π Read
via "National Vulnerability Database".
π’ IT Pro News In Review: Global south fights ransomware while Alphabet splurges on blockchain π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
IT PRO
IT Pro News In Review: Global south fights ransomware while Alphabet splurges on blockchain
Catch up on the biggest headlines of the week in just two minutes
π’ Record for the largest ever HTTPS DDoS attack smashed once again π’
π Read
via "ITPro".
The DDoS attack lasted 69 minutes and surpassed the previous record of 26 million RPSπ Read
via "ITPro".
IT PRO
Record for the largest ever HTTPS DDoS attack smashed once again | IT PRO
The DDoS attack lasted 69 minutes and surpassed the previous record of 26 million RPS
π’ Escape the ransomware maze π’
π Read
via "ITPro".
Conventional endpoint protection tools just arenβt the best defence anymoreπ Read
via "ITPro".
IT PRO
Escape the ransomware maze
Conventional endpoint protection tools just arenβt the best defence anymore
βΌ CVE-2022-34960 βΌ
π Read
via "National Vulnerability Database".
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32427 βΌ
π Read
via "National Vulnerability Database".
PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2957 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
π΄ New Exterro FTK Update Accelerates Mobile Digital Forensics π΄
π Read
via "Dark Reading".
The FTK 7.6 portfolio promises better integration with other security and network resources, as well as unified analysis of mobile and computer evidence.π Read
via "Dark Reading".
Dark Reading
New Exterro FTK Update Accelerates Mobile Digital Forensics
The FTK 7.6 portfolio promises better integration with other security and network resources, as well as unified analysis of mobile and computer evidence.
π΄ Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug π΄
π Read
via "Dark Reading".
The US Cybersecurity and Infrastructure Security Agency had wanted federal agencies to implement the fix for the RCE flaw in Hikvision cameras by Jan. 24, 2022.π Read
via "Dark Reading".
Dark Reading
Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug
The US Cybersecurity and Infrastructure Security Agency had wanted federal agencies to implement the fix for the RCE flaw in Hikvision cameras by Jan. 24, 2022.
ποΈ Ethereum Foundation offers $1m bug bounty payouts with proof-of-stake migration multiplier ποΈ
π Read
via "The Daily Swig".
Eco-friendly upgrade sends bounties soaring as computational demands plummetπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ethereum Foundation offers $1m bug bounty payouts with proof-of-stake migration multiplier
Eco-friendly upgrade sends bounties soaring as computational demands plummet
π΄ Optiv's Annual $40K Scholarship for Black, African-American-Identifying STEM Students Now Open for Applicants π΄
π Read
via "Dark Reading".
Optiv's Black Employee Network offers the scholarship, paid out over 4 years, for students seeking a career in the cybersecurity/information security industry.π Read
via "Dark Reading".
Dark Reading
Optiv's Annual $40K Scholarship for Black, African-American-Identifying STEM Students Now Open for Applicants
Optiv's Black Employee Network offers the scholarship, paid out over 4 years, for students seeking a career in the cybersecurity/information security industry.
π΄ Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report π΄
π Read
via "Dark Reading".
Increase driven by increasingly sophisticated cyberattacks as well as increase in mobile-based business-critical applications, according to report.π Read
via "Dark Reading".
Dark Reading
Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report
Increase driven by increasingly sophisticated cyberattacks as well as increase in mobile-based business-critical applications, according to report.