Data Protection: Are We Focused on the Correct Areas?
How do you deploy a strategy for the data loss you can't see? The breaches you don't hear about? Our Wade Barisoff draws parallels between WWII airplanes and data protection to find the answer.
CVE-2022-39236
Matrix Javascript SDK is the Matrix Client-Server SDK for JavaScript. Starting with version 17.1.0-rc.1, improperly formed beacon events can disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This is patched in matrix-js-sdk v19.7.0. Redacting applicable events, waiting for the sync processor to store data, and restarting the client are possible workarounds. Alternatively, redacting the applicable events and clearing all storage will fix the further perceived issues. Downgrading to an unaffected version, noting that such a version may be subject to other vulnerabilities, will additionally resolve the issue.
via "National Vulnerability Database".
CVE-2022-36771
IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information that they should not have access to. IBM X-Force ID: 232791.
via "National Vulnerability Database".
CVE-2022-36448
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. There is an SMM memory corruption vulnerability in the Software SMI handler in the PnpSmm driver.
via "National Vulnerability Database".
CVE-2022-3354
A vulnerability has been found in Open5GS up to 2.4.10 and classified as problematic. This vulnerability affects unknown code in the library lib/core/ogs-tlv-msg.c of the component UDP Packet Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-209686 is the identifier assigned to this vulnerability.
via "National Vulnerability Database".
CVE-2022-35722
IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231381.
via "National Vulnerability Database".
CVE-2022-35282
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker with local network access could exploit this vulnerability to obtain sensitive data.
via "National Vulnerability Database".
CVE-2021-41434
A stored Cross-Site Scripting (XSS) vulnerability exists in version 1.0 of the Expense Management System application that allows for arbitrary execution of JavaScript commands through index.php.
via "National Vulnerability Database".
CVE-2022-22387
IBM Application Gateway is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221965.
via "National Vulnerability Database".
CVE-2022-38934
readelf in ToaruOS 2.0.1 has some arbitrary address read vulnerabilities when parsing a crafted ELF file.
via "National Vulnerability Database".
Phishing Attacks Crushed Records Last Quarter, Driven by Mobile
Shocking phishing numbers (more than 1 million in a single quarter) are being driven by vishing, smishing, and other lures that target mobile devices.
via "Dark Reading".
Google Cloud DORA: Securing the Supply Chain Begins With Culture
The team's annual survey finds that the right development culture is better than technical measures when it comes to shoring up software supply chain security practices. An additional benefit: less burnout.
via "Dark Reading".
CVE-2022-40929
XXL-JOB 2.2.0 has a command execution vulnerability in background tasks.
via "National Vulnerability Database".
CVE-2022-3193
An HTML injection/reflected cross-site scripting (XSS) vulnerability was found in the ovirt-engine. A parameter "error_description" fails to sanitize the entry, allowing the vulnerability to trigger on the Windows Service Accounts home pages.
via "National Vulnerability Database".
Container Supply Chain Attacks Cash In on Cryptojacking
Cloud-native threats are costing cloud customer victims money as cryptojackers mine their vulnerable cloud instances.
via "Dark Reading".
Fast Company CMS Hack Raises Security Questions
The company's website remains offline after hackers used its compromised CMS to send out racist messages.
via "Dark Reading".
Sophisticated Covert Cyberattack Campaign Targets Military Contractors
Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities.
via "Dark Reading".
Google Quashes 5 High-Severity Bugs With Chrome 106 Update
External researchers contributed 16 of the 20 security updates included in the new Chrome 106 Stable Channel rollout, including five high-severity bugs.
via "Dark Reading".
Plug Your Data Leaks: Integrating Data Loss Prevention into Your Security Stack
The average cost of a data-exposing cybersecurity incident is $4.35 million. If your business can't avoid paying, make sure you've got a strong data loss prevention practice in place.
via "Dark Reading".
CVE-2022-3215
NIOHTTP1 and projects using it for generating HTTP responses can be subject to an HTTP Response Injection attack. This occurs when an HTTP/1.1 server accepts user generated input from an incoming request and reflects it into an HTTP/1.1 response header in some form. A malicious user can add newlines to their input (usually in encoded form) and "inject" those newlines into the returned HTTP response. This capability allows users to work around security headers and HTTP/1.1 framing headers by injecting entirely false responses or other new headers. The injected false responses may also be treated as the response to subsequent requests, which can lead to XSS, cache poisoning, and a number of other flaws. This issue was resolved by adding validation to the HTTPHeaders type, ensuring that there's no whitespace incorrectly present in the HTTP headers provided by users. As the existing API surface is non-failable, all invalid characters are replaced by linear whitespace.
via "National Vulnerability Database".
CVE-2022-1270
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
via "National Vulnerability Database".