π’ Forrester: Autonomous βset and forget securityβ is βa pipe dreamβ π’
π Read
via "ITPro".
Leading analyst says the complexity of security will always outmatch automated systems, keeping human security a necessary expenseπ Read
via "ITPro".
ITPro
Forrester: Autonomous βset and forget securityβ is βa pipe dreamβ
Leading analyst says the complexity of security will always outmatch automated systems, keeping human security a necessary expense
π’ Australian patient data breached for months in country's latest major cyber incident π’
π Read
via "ITPro".
The pathology company claims to have carried out an investigation when it was hit with a cyber attack but didnβt find any evidence that information had been compromisedπ Read
via "ITPro".
ITPro
Australian patient data breached for months in country's latest major cyber incident
The pathology company claims to have carried out an investigation when it was hit with a cyber attack but didnβt find any evidence that information had been compromised
π1
π’ Second-ever OpenSSL critical vulnerability teased, 10 years after Heartbleed π’
π Read
via "ITPro".
All OpenSSL versions beyond 3.0 are at risk, with more details due to be released alongside a patch on 1 Novemberπ Read
via "ITPro".
ITPro
Second-ever OpenSSL critical vulnerability teased, 10 years after Heartbleed
All OpenSSL versions beyond 3.0 are at risk, with more details due to be released alongside a patch on 1 November
π’ Information security vs cyber security vs network security: What are the differences? π’
π Read
via "ITPro".
A guide to the essential differences between information, network, and cyber security and the basic tenets of eachπ Read
via "ITPro".
ITPro
Information security vs cyber security vs network security: What are the differences?
A guide to the essential differences between information, network, and cyber security and the basic tenets of each
π’ See Tickets admits it took nine months to remove malicious code from site π’
π Read
via "ITPro".
Any customer who gave their details to the company for nearly three years could be at riskπ Read
via "ITPro".
ITPro
See Tickets admits it took nine months to remove malicious code from site
Any customer who gave their details to the company for nearly three years could be at risk
βΌ CVE-2022-3754 βΌ
π Read
via "National Vulnerability Database".
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.π Read
via "National Vulnerability Database".
β Updates to Appleβs zero-day update story β iPhone and iPad users read this! β
π Read
via "Naked Security".
Turns out that Tuesday's zero-day for iOS 16 is Friday's zero-day for iOS 15...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π2
β Chrome issues urgent zero-day fix β update now! β
π Read
via "Naked Security".
We've said it before/And we'll say it again/It's not *if* you should patch/It's a matter of *when*. (Hint: now!)π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-3756 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Exiv2. It has been classified as critical. Affected is the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The name of the patch is bf4f28b727bdedbd7c88179c30d360e54568a62e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-212496.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42777 βΌ
π Read
via "National Vulnerability Database".
Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3755 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3757 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Exiv2. It has been declared as critical. Affected by this vulnerability is the function QuickTimeVideo::decodeBlock of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The name of the patch is d3651fdbd352cbaf259f89abf7557da343339378. It is recommended to apply a patch to fix this issue. The identifier VDB-212497 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42915 βΌ
π Read
via "National Vulnerability Database".
curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44033 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().π Read
via "National Vulnerability Database".
βΌ CVE-2022-44032 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().π Read
via "National Vulnerability Database".
βΌ CVE-2022-44019 βΌ
π Read
via "National Vulnerability Database".
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44034 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().π Read
via "National Vulnerability Database".
βΌ CVE-2022-44020 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."π Read
via "National Vulnerability Database".
βΌ CVE-2022-44022 βΌ
π Read
via "National Vulnerability Database".
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44023 βΌ
π Read
via "National Vulnerability Database".
PwnDoc through 0.5.3 might allow remote attackers to identify disabled user account names by leveraging response timings for authentication attempts.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3766 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.8.π Read
via "National Vulnerability Database".