βΌ CVE-2022-3705 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3704 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is be177e4566747b73ff63fd5f529fab564e475ed4. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212319.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39348 βΌ
π Read
via "National Vulnerability Database".
Twisted is an event-based framework for internet applications. Started with version 0.9.4, when the host header does not match a configured host `twisted.web.vhost.NameVirtualHost` will return a `NoResource` resource which renders the Host header unescaped into the 404 response allowing HTML and script injection. In practice this should be very difficult to exploit as being able to modify the Host header of a normal HTTP request implies that one is already in a privileged position. This issue was fixed in version 22.10.0rc1. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40703 βΌ
π Read
via "National Vulnerability Database".
CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3363 βΌ
π Read
via "National Vulnerability Database".
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39355 βΌ
π Read
via "National Vulnerability Database".
Discourse Patreon enables syncronization between Discourse Groups and Patreon rewards. On sites with Patreon login enabled, an improper authentication vulnerability could be used to take control of a victim's forum account. This vulnerability is patched in commit number 846d012151514b35ce42a1636c7d70f6dcee879e of the discourse-patreon plugin. Out of an abundance of caution, any Discourse accounts which have logged in with an unverified-email Patreon account will be logged out and asked to verify their email address on their next login. As a workaround, disable the patreon integration and log out all users with associated Patreon accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39286 βΌ
π Read
via "National Vulnerability Database".
Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.π Read
via "National Vulnerability Database".
π’ Hive ransomware group claims cyber attack on Indiaβs Tata Power π’
π Read
via "ITPro".
The Indian energy company reported last week that its IT systems were down, with customers reporting difficulties in paying their billsπ Read
via "ITPro".
ITPro
Hive ransomware group claims cyber attack on Indiaβs Tata Power
The Indian energy company reported last week that its IT systems were down, with customers reporting difficulties in paying their bills
π’ The ultimate guide to deleting yourself from social media π’
π Read
via "ITPro".
Worried about oversharing β or just want to kick the social media habit? Weβve outlined concrete steps you can take to delete your identity from the most popular sites and servicesπ Read
via "ITPro".
ITPro
The ultimate guide to deleting yourself from social media
Worried about oversharing β or just want to kick the social media habit? Weβve outlined concrete steps you can take to delete your identity from the most popular sites and services
π’ ExtraHop partners with Splunk SOAR to offer visibility into encrypted network traffic π’
π Read
via "ITPro".
The new platform integration aims to reduce the amount of time security professionals spend on low-level analysis tasksπ Read
via "ITPro".
channelpro
ExtraHop partners with Splunk SOAR to offer visibility into encrypted network traffic
The new platform integration aims to reduce the amount of time security professionals spend on low-level analysis tasks
π’ Palo Alto Networks expands NextWave partner network π’
π Read
via "ITPro".
The revamped initiative aims to help partners deliver incident response services built on Cortex XDRπ Read
via "ITPro".
channelpro
Palo Alto Networks expands NextWave partner network
The revamped initiative aims to help partners deliver incident response services built on Cortex XDR
π’ A strategic guide for controlling and securing your data π’
π Read
via "ITPro".
Forrester's data security control frameworkπ Read
via "ITPro".
ITPro
A strategic guide for controlling and securing your data
Forrester's data security control framework
π’ FTC orders Uber-owned Drizly to improve "lax" data protection approach following 2020 breach π’
π Read
via "ITPro".
The Uber subsidiary has been hit with an FTC complaint, as the agency looks to send a message to the wider industryπ Read
via "ITPro".
ITPro
FTC orders Uber-owned Drizly to improve "lax" data protection approach following 2020 breach
The Uber subsidiary has been hit with an FTC complaint, as the agency looks to send a message to the wider industry
π’ What is secure deletion? π’
π Read
via "ITPro".
Want to ensure your deleted data canβt be recovered and abused? We explore how secure deletion works, and how you can best protect your informationπ Read
via "ITPro".
ITPro
What is secure deletion?
Want to ensure your deleted data canβt be recovered and abused? We explore how secure deletion works, and how you can best protect your information
π’ Database and big data security π’
π Read
via "ITPro".
KuppingerCole 2021 Leadership Compass Reportπ Read
via "ITPro".
ITPro
Database and big data security
KuppingerCole 2021 Leadership Compass Report
π’ Apple patches actively exploited iPhone, iPad zero-day and 18 other security flaws π’
π Read
via "ITPro".
The out-of-bounds write error is the eighth actively exploited zero-day impacting Apple hardware this year and could facilitate kernel-level code executionπ Read
via "ITPro".
ITPro
Apple patches actively exploited iPhone, iPad zero-day and 18 other security flaws
The out-of-bounds write error is the eighth actively exploited zero-day impacting Apple hardware this year and could facilitate kernel-level code execution
π’ Building a better password strategy for your business π’
π Read
via "ITPro".
Exploring the strategies and exploits that hackers are using to circumvent password security measuresπ Read
via "ITPro".
ITPro
Building a better password strategy for your business
Exploring the strategies and exploits that hackers are using to circumvent password security measures
π’ Medibank reveals damning extent of hack that could cost $35 million π’
π Read
via "ITPro".
The company disclosed that the attackers also had access to all of its circa 3.9 million customers' records, equivalent to 15% of the nationβs populationπ Read
via "ITPro".
ITPro
Medibank reveals damning extent of hack that could cost $35 million
The company disclosed that the attackers also had access to all of its circa 3.9 million customers' records, equivalent to 15% of the nationβs population
β Online ticketing company βSeeβ pwned for 2.5 years by attackers β
π Read
via "Naked Security".
Don't be a cybersecurity slowcoach - you need to spot possible attacks as soon as you can.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-3719 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Exiv2 and classified as critical. This vulnerability affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The name of the patch is a38e124076138e529774d5ec9890d0731058115a. It is recommended to apply a patch to fix this issue. VDB-212350 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3716 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in SourceCodester Online Medicine Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /omos/admin/?page=user/list. The manipulation of the argument First Name/Middle Name/Last Name leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-212347.π Read
via "National Vulnerability Database".