βΌ CVE-2022-37345 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3957 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28611 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40750 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36377 βΌ
π Read
via "National Vulnerability Database".
Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36789 βΌ
π Read
via "National Vulnerability Database".
Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38099 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36938 βΌ
π Read
via "National Vulnerability Database".
DexLoader function get_stringidx_fromdex() in Redex prior to commit 3b44c64 can load an out of bound address when loading the string index table, potentially allowing remote code execution during processing of a 3rd party Android APK file.π Read
via "National Vulnerability Database".
π1
β Dangerous SIM-swap lockscreen bypass β update Android now! β
π Read
via "Naked Security".
A bit like leaving the front door keys under the doormat...π Read
via "Naked Security".
Naked Security
Dangerous SIM-swap lockscreen bypass β update Android now!
A bit like leaving the front door keys under the doormatβ¦
π2
π΄ Quantum Cryptography Apocalypse: A Timeline and Action Plan π΄
π Read
via "Dark Reading".
Quantum computing's a clear threat to encryption, and post-quantum crypto means adding new cryptography to hardware and software without being disruptive.π Read
via "Dark Reading".
Dark Reading
Quantum Cryptography Apocalypse: A Timeline and Action Plan
Quantum computing's a clear threat to encryption, and post-quantum crypto means adding new cryptography to hardware and software without being disruptive.
π΄ Avatier Achieves ISO 27001 Certification for its Information Security Management System π΄
π Read
via "Dark Reading".
Designation recognizes highest caliber of information security.π Read
via "Dark Reading".
Dark Reading
Avatier Achieves ISO 27001 Certification for its Information Security Management System
Designation recognizes highest caliber of information security.
π΄ Privacy4Cars Secures Fourth Patent to Remove Privacy Information From Vehicles and Create Compliance Logs π΄
π Read
via "Dark Reading".
Data-deletion service's patent covers removing personal information such as geolocation, biometrics, and phone records from a vehicle by using a user-computing deviceπ Read
via "Dark Reading".
Dark Reading
Privacy4Cars Secures Fourth Patent to Remove Privacy Information From Vehicles and Create Compliance Logs
Data-deletion service's patent covers removing personal information such as geolocation, biometrics, and phone records from a vehicle by using a user-computing device
π1
ποΈ All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks ποΈ
π Read
via "The Daily Swig".
AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breachπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks
AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach
β βGucci Masterβ business email scammer Hushpuppi gets 11 years β
π Read
via "Naked Security".
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the world...π Read
via "Naked Security".
Naked Security
βGucci Masterβ business email scammer Hushpuppi gets 11 years
Learn how to protect yourself from big-money tricksters like the Hushpuppis of the worldβ¦
π΄ Unpatched Zimbra Platforms Are Probably Compromised, CISA Says π΄
π Read
via "Dark Reading".
Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.π Read
via "Dark Reading".
Dark Reading
Unpatched Zimbra Platforms Are Probably Compromised, CISA Says
Attackers are targeting Zimbra systems in the public and private sectors, looking to exploit multiple vulnerabilities, CISA says.
π1
π΄ Australia Declares War on Cybercrime Syndicates π΄
π Read
via "Dark Reading".
An international counter-ransomware task force has been announced by Australian authorities following the recent Optus and Medibank data breaches.π Read
via "Dark Reading".
Dark Reading
Australia Declares War on Cybercrime Syndicates
An international counter-ransomware task force has been announced by Australian authorities following the recent Optus and Medibank data breaches.
π€―2π1
π΄ Researchers Sound Alarm on Dangerous BatLoader Malware Dropper π΄
π Read
via "Dark Reading".
BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.π Read
via "Dark Reading".
Dark Reading
Researchers Sound Alarm on Dangerous BatLoader Malware Dropper
BatLoader has spread rapidly to roost in systems globally, tailoring payloads to its victims.
π1π€1
π΄ Evolving Security for Government Multiclouds π΄
π Read
via "Dark Reading".
As the threat landscape increases, public cloud security needs to evolve.π Read
via "Dark Reading".
Dark Reading
Evolving Security for Government Multiclouds
As the threat landscape increases, public cloud security needs to evolve.
ποΈ Mastodon users vulnerable to password-stealing attacks ποΈ
π Read
via "The Daily Swig".
Patched bug could have leaked credentialsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Mastodon users vulnerable to password-stealing attacks
Patched bug could have leaked credentials
π΄ Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data π΄
π Read
via "Dark Reading".
The API-related vulnerabilities put conversations, email addresses, tickets, and more in danger of exposure via the Zendesk Explore reporting service.π Read
via "Dark Reading".
Dark Reading
Nasty SQL Injection Bug in Zendesk Endangers Sensitive Customer Data
The API-related vulnerabilities put conversations, email addresses, tickets, and more in danger of exposure via the Zendesk Explore reporting service.
π΄ Yakima Neighborhood Health Services Notice of Data Security Incident π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Yakima Neighborhood Health Services Notice of Data Security Incident
.