π’ Boeing 737 MAX: You can no longer escape liability due to poor code π’
π Read
via "ITPro".
Known vulnerabilities in Boeingβs flight software led to two fatal crashes, as well as a landmark decision with major ramifications for software developmentπ Read
via "ITPro".
IT PRO
The Boeing 737 MAX debacle shows you can no longer escape liability due to poorly configured code | IT PRO
Known vulnerabilities in Boeingβs flight software led to two fatal crashes, as well as a landmark decision with major ramifications for software development
π’ Second Singtel subsidiary breach in a month sees customer and client data leaked π’
π Read
via "ITPro".
The incident at Singtel subsidiary Dialog follows the earlier breach at Singtel-owned Optus, Australia's second-largest telcoπ Read
via "ITPro".
IT PRO
Second Singtel subsidiary breach in a month sees customer and client data leaked | IT PRO
The incident at Singtel subsidiary Dialog follows the earlier breach at Singtel-owned Optus, Australia's second-largest telco
π’ Toyota discovers five-year-old email leak, customers at risk of phishing attacks π’
π Read
via "ITPro".
Security experts have said the company has no way of knowing whether the emails were accessedπ Read
via "ITPro".
IT PRO
Toyota discovers five-year-old email leak, customers at risk of phishing attacks | IT PRO
Security experts have said the company has no way of knowing whether the emails were accessed
π’ GCHQ chief calls for greater quantum investment, warns of looming Chinese tech dominance π’
π Read
via "ITPro".
Jeremy Fleming said that when it comes to technology, the politically motivated actions of the Chinese state are an increasingly urgent problem that must be acknowledged and addressedπ Read
via "ITPro".
IT PRO
GCHQ chief calls for greater quantum investment, warns of looming Chinese tech dominance | IT PRO
Jeremy Fleming said that when it comes to technology, the politically motivated actions of the Chinese state are an increasingly urgent problem that must be acknowledged and addressed
π’ Hacker steals $566 million from Binance Bridge using proof-forgery exploit π’
π Read
via "ITPro".
An exploit discovered in the exchange platform's proof verifier let the hacker take 2m BNB without raising alarm bellsπ Read
via "ITPro".
IT PRO
Hacker steals $566 million from Binance Bridge using proof-forgery exploit | IT PRO
An exploit discovered in the exchange platform's proof verifier let the hacker take 2m BNB without raising alarm bells
π’ Papa John's faces class-action lawsuit for alleged misuse of session tracking scripts π’
π Read
via "ITPro".
Session replay tools are used on a variety of websites for analytics purposes, but the pizza retailer faces claims it is engaged in unreasonable profilingπ Read
via "ITPro".
IT PRO
Papa John's faces class-action lawsuit for alleged misuse of session tracking scripts | IT PRO
Session replay tools are used on a variety of websites for analytics purposes, but the pizza retailer faces claims it is engaged in unreasonable profiling
π’ Intel Alder Lake chips safe from novel exploits following source code leak, experts say π’
π Read
via "ITPro".
The mystery surrounding how the code was leaked is a more interesting story, experts told IT Pro, despite others branding the incident "scary"π Read
via "ITPro".
IT PRO
Intel Alder Lake chips safe from novel exploits following source code leak, experts say | IT PRO
The mystery surrounding how the code was leaked is a more interesting story, experts told IT Pro, despite others branding the incident "scary"
π’ NCSC: Businesses are too often 'seduced' by the attractive lure of phishing tests π’
π Read
via "ITPro".
The debate around the importance of phishing tests in cyber security rages on but businesses need to be careful if they decide to embrace them, the UK's cyber authority has warnedπ Read
via "ITPro".
IT PRO
NCSC: Businesses are too often 'seduced' by the attractive lure of phishing tests | IT PRO
The debate around the importance of phishing tests in cyber security rages on but businesses need to be careful if they decide to embrace them, the UK's cyber authority has warned
π’ Meta notifies around 1 million Facebook users of potential compromise through malicious apps π’
π Read
via "ITPro".
The vast majority of apps targeting iOS users appeared to be genuine apps for managing business functions such as advertising and analyticsπ Read
via "ITPro".
IT PRO
Meta notifies around 1 million Facebook users of potential compromise through malicious apps | IT PRO
The vast majority of apps targeting iOS users appeared to be genuine apps for managing business functions such as advertising and analytics
π’ Microsoft's third mitigation update for Exchange Server zero-day exploit bypassed within hours π’
π Read
via "ITPro".
The string of problematic temporary fixes for βProxyNotShellβ grows longer after a 'confusing' and 'atypical' week-long vulnerability disclosure processπ Read
via "ITPro".
ITPro
Microsoft's third mitigation update for Exchange Server zero-day exploit bypassed within hours
The string of problematic temporary fixes for βProxyNotShellβ grows longer after a 'confusing' and 'atypical' week-long vulnerability disclosure process
βΌ CVE-2022-40664 βΌ
π Read
via "National Vulnerability Database".
Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3458 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Human Resource Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /employeeview.php of the component Image File Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-210559.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2720 βΌ
π Read
via "National Vulnerability Database".
In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3465 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3464 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in puppyCMS up to 5.1. This affects an unknown part of the file /admin/settings.php. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-210699.π Read
via "National Vulnerability Database".
π΄ InterVision Announces Study Identifying Ransomware as No. 1 Threat to Business Longevity π΄
π Read
via "Dark Reading".
InterVision releases a new website focused on the customer experience, making B2B cybersecurity purchasing decisions easier.π Read
via "Dark Reading".
Dark Reading
InterVision Announces Study Identifying Ransomware as No. 1 Threat to Business Longevity
InterVision releases a new website focused on the customer experience, making B2B cybersecurity purchasing decisions easier.
βΌ CVE-2022-37614 βΌ
π Read
via "National Vulnerability Database".
Prototype pollution vulnerability in function enable in mockery.js in mfncooper mockery commit 822f0566fd6d72af8c943ae5ca2aa92e516aa2cf via the key variable in mockery.js.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42715 βΌ
π Read
via "National Vulnerability Database".
A reflected XSS vulnerability exists in REDCap before 12.04.18 in the Alerts & Notifications upload feature. A crafted CSV file will, when uploaded, trigger arbitrary JavaScript code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40871 βΌ
π Read
via "National Vulnerability Database".
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.π Read
via "National Vulnerability Database".
π΄ 2 Out of 3 Companies See Zero Trust Network Access as Key to Mitigate Work-From-Anywhere Risks, According to New EMA Report π΄
π Read
via "Dark Reading".
Report also shows that cloud-based solutions minimize complexity to enable easy adoption by small to midsize businesses.π Read
via "Dark Reading".
Dark Reading
2 Out of 3 Companies See Zero Trust Network Access as Key to Mitigate Work-From-Anywhere Risks, According to New EMA Report
Report also shows that cloud-based solutions minimize complexity to enable easy adoption by small to midsize businesses.
π΄ Cloud Data Breaches Are Running Rampant. What Are the Common Characteristics? π΄
π Read
via "Dark Reading".
Protecting against data breaches requires detailed analysis of recent attacks for remediation and prevention.π Read
via "Dark Reading".
Dark Reading
Cloud Data Breaches Are Running Rampant. What Are the Common Characteristics?
Protecting against data breaches requires detailed analysis of recent attacks for remediation and prevention.