🕴 Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest 🕴
📖 Read
via "Dark Reading".
Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.📖 Read
via "Dark Reading".
Dark Reading
Hackers Score Nearly $1M at Device-Focused Pwn2Own Contest
Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.
🕴 Report: 79% of Employees Are Distracted at Work Amid a Year of Permacrisis 🕴
📖 Read
via "Dark Reading".
1Password's annual State of Access report reveals that distracted employees are twice as likely to do the bare minimum for security at work.📖 Read
via "Dark Reading".
Dark Reading
Report: 79% of Employees Are Distracted at Work Amid a Year of Permacrisis
1Password's annual State of Access report reveals that distracted employees are twice as likely to do the bare minimum for security at work.
🕴 Niels Provos Joins Lacework as Head of Security Efficacy 🕴
📖 Read
via "Dark Reading".
Former Head of Security at Stripe and Distinguished Security Engineer at Google joins cloud security leader to help scale security excellence across customer base.📖 Read
via "Dark Reading".
Dark Reading
Niels Provos Joins Lacework as Head of Security Efficacy
Former Head of Security at Stripe and Distinguished Security Engineer at Google joins cloud security leader to help scale security excellence across customer base.
🕴 Google Cloud and Palo Alto Networks Team to Protect the Modern Workforce 🕴
📖 Read
via "Dark Reading".
Enterprises can now adopt the industry's most comprehensive Zero Trust Network Access 2.0 to secure access to all applications from any device.📖 Read
via "Dark Reading".
Dark Reading
Google Cloud and Palo Alto Networks Team to Protect the Modern Workforce
Enterprises can now adopt the industry's most comprehensive Zero Trust Network Access 2.0 to secure access to all applications from any device.
🗓️ Cloud flaws brought to the fore as bug bounty vulnerabilities hit 65k in 2022 – HackerOne 🗓️
📖 Read
via "The Daily Swig".
Impact of cloud migration and shift to remote work evident in new report📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Cloud flaws brought to the fore as bug bounty vulnerabilities hit 65k in 2022 – HackerOne
Impact of cloud migration and shift to remote work evident in new report
⚠ Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties ⚠
📖 Read
via "Naked Security".
That's a mean average of $15,710 per bug... and 63 fewer bugs out there for crooks and rogues to find.📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2022-46140 ‼
📖 Read
via "National Vulnerability Database".
Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and retrieve debug information about the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20497 ‼
📖 Read
via "National Vulnerability Database".
In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the lockscreen, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246301979📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20496 ‼
📖 Read
via "National Vulnerability Database".
In setDataSource of initMediaExtractor.cpp, there is a possibility of arbitrary code execution due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-245242273📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46143 ‼
📖 Read
via "National Vulnerability Database".
Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially contains previously allocated data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41284 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46051 ‼
📖 Read
via "National Vulnerability Database".
The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46144 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= 2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= 2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= 2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= 2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= 2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= 2.3 < V3.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20480 ‼
📖 Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-241764350📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46346 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20491 ‼
📖 Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703556📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20500 ‼
📖 Read
via "National Vulnerability Database".
In loadFromXml of ShortcutPackage.java, there is a possible crash on boot due to an uncaught exception. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-246540168📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45936 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41281 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been identified in JT2Go (All versions), Teamcenter Visualization V13.2 (All versions < V13.2.0.12), Teamcenter Visualization V13.3 (All versions < V13.3.0.8), Teamcenter Visualization V14.0 (All versions < V14.0.0.4), Teamcenter Visualization V14.1 (All versions < V14.1.0.6). The CGM_NIST_Loader.dll contains an out of bounds read vulnerability when parsing a CGM file. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20488 ‼
📖 Read
via "National Vulnerability Database".
In NotificationChannel of NotificationChannel.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-242703217📖 Read
via "National Vulnerability Database".