Apple megaupdate: Ventura out, iOS and iPad kernel zero-day - act now!
via "Naked Security".
Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...
Clearview AI image-scraping face recognition service hit with €20m fine in France
via "Naked Security".
"We told you to stop but you ignored us," said the French regulator, "so now we're coming after you again."
CVE-2022-43750
via "National Vulnerability Database".
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
CVE-2022-43747
via "National Vulnerability Database".
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in 2022 R2.
CVE-2022-31256
via "National Vulnerability Database".
An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
CVE-2022-25849
via "National Vulnerability Database".
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the module that parses Markdown does not filter the href attribute very well.
Dark Reading Launches New Section Dedicated to ICS/OT Security
via "Dark Reading".
ICS/OT Security joins the lineup of 14 cybersecurity topic sections on the media site.
Top 10 Kubernetes Security Risks Every DevSecOps Pro Should Know
via "Dark Reading".
The mission to run any containerized application on any infrastructure makes security a challenge on Kubernetes.
Baltimore/Washington International Thurgood Marshall Airport Selects Telos to Process Background Checks for Aviation Workers
via "Dark Reading".
Telos' aviation channeling service offers increased efficiency and flexibility in credentialing operations at the busiest airport in the Washington-Baltimore region.
nfstream 6.5.3
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
Rezilion Vulnerability Scanner Benchmark Report Finds Top Scanners Only 73% Accurate
via "Dark Reading".
Majority of vulnerability scanner tools overwhelming teams with false positives and missing exploitable vulnerabilities.
Open Source Is Just the Tip of the Iceberg in Software Supply Chain Security
via "Dark Reading".
As more of the software stack consists of third-party code, it's time for a more-advanced open source vetting system.
BlackBerry Launches Cyber Threat Intelligence Service to Strengthen Cyber Defenses
via "Dark Reading".
New service from BlackBerry's Threat Research and Intelligence Team reduces unknowns to enhance detection and response.
Valence Security Announces $25M Series A to Scale Delivery of Collaborative SaaS Security Remediation Solutions to Customers
via "Dark Reading".
Led by Microsoft's M12 venture fund, Valence's Series A round accelerates the company's ability to help customers secure their SaaS mesh from risk created by democratized end-user adoption, third-party integrations, unmanaged identities, and external data sharing.
Google Enters Into Stipulated Agreement to Improve Legal Process Compliance Program
via "Dark Reading".
Google admitted to loss of data responsive to 2016 search warrant and agreed to program enhancements, reporting obligations, and a first-of-its-kind Independent Compliance Professional.
54% of Staff Would Reconsider Working for a Firm That Had Experienced a Cyber Breach, Research Finds
via "Dark Reading".
Independent research from Encore uncovers hidden costs of cyber attacks.
Content Security Market Worth $2.2 Million by 2027 - Exclusive Study by MarketsandMarkets(TM)
via "Dark Reading".
Concerns about breaches of sensitive information due to execution of malware scripts and growing adoption of cloud-based services are fueling growth of the content security market.
Cisco Warns AnyConnect VPNs Under Active Cyberattack
via "Dark Reading".
Older bugs in the AnyConnect Secure Mobility Client are being targeted in the wild, showcasing patch-management failures.
4 Reasons Open Source Matters for Cloud Security
via "Dark Reading".
When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.
Jira Align flaws enabled malicious users to gain super admin privileges - and potentially worse
via "The Daily Swig".
Lateral or upwards movement beyond the instance was theoretically possible, concludes researcher
Super admins can, among other things, modify Jira connections, reset user accounts, and modify security settings
CVE-2022-39357
via "National Vulnerability Database".
Winter is a free, open-source content management system based on the Laravel PHP framework. The Snowboard framework in versions 1.1.8, 1.1.9, and 1.2.0 is vulnerable to prototype pollution in the main Snowboard class as well as its plugin loader. The 1.0 branch of Winter is not affected, as it does not contain the Snowboard framework. This issue has been patched in v1.1.10 and v1.2.1. As a workaround, one may avoid this issue by following some common security practices for JavaScript, including implementing a content security policy and auditing scripts.