βΌ CVE-2022-3106 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. ef100_update_stats in drivers/net/ethernet/sfc/ef100_nic.c lacks check of the return value of kmalloc().π Read
via "National Vulnerability Database".
βΌ CVE-2022-3107 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. netvsc_get_ethtool_stats in drivers/net/hyperv/netvsc_drv.c lacks check of the return value of kvmalloc_array() and will cause the null pointer dereference.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4283 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests.. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46342 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XvdiSelectVideoNotify request may write to memory after it has been freed. This issue can lead to local privileges elevation on systems where the X seπ Read
via "National Vulnerability Database".
βΌ CVE-2022-46340 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs becuase the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths larger than 32 bytes are sent through a the XTestFakeInput request. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions. This issue does not affect systems where client and server use the same byte order.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3108 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c lacks check of the return value of kmemdup().π Read
via "National Vulnerability Database".
βΌ CVE-2022-3917 βΌ
π Read
via "National Vulnerability Database".
Improper access control of bootloader function was discovered in Motorola Mobility Motorola e20 prior to version RONS31.267-38-8 allows attacker with local access to read partition or RAM data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47410 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3115 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. malidp_crtc_reset in drivers/gpu/drm/arm/malidp_crtc.c lacks check of the return value of kzalloc() and will cause the null pointer dereference.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46341 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in X.Org. This security flaw occurs because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges elevation on systems where the X server is running privileged and remote code execution for ssh X forwarding sessions.π Read
via "National Vulnerability Database".
π’ WithSecure Elements Endpoint Protection review: Holistic protection at a great price π’
π Read
via "ITPro".
Smart cloud-hosted security offering affordable endpoint protection for a wide range of devices at a good priceπ Read
via "ITPro".
ITPro
WithSecure Elements Endpoint Protection review: Holistic protection at a great price
Smart cloud-hosted security offering affordable endpoint protection for a wide range of devices at a good price
π’ Apple issues fix for βactively exploitedβ WebKit zero-day vulnerability π’
π Read
via "ITPro".
The update marks the 10th fix for zero-day vulnerabilities this yearπ Read
via "ITPro".
ITPro
Apple issues fix for βactively exploitedβ WebKit zero-day vulnerability
The update marks the 10th fix for zero-day vulnerabilities this year
π’ Beyond Identity strikes up strategic partnership with World Wide Technology π’
π Read
via "ITPro".
WWT will implement Beyond Identityβs authentication platform internally while also acting as a global channel partnerπ Read
via "ITPro".
channelpro
Beyond Identity strikes up strategic partnership with World Wide Technology
WWT will implement Beyond Identityβs authentication platform internally while also acting as a global channel partner
π’ Uber says compromised third-party to blame for data breach π’
π Read
via "ITPro".
Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three monthsπ Read
via "ITPro".
ITPro
Uber says compromised third-party to blame for data breach
Vulnerable third-party vendor Teqtivity sparks second major incident for Uber in the space of three months
π’ How to implement strong authentication π’
π Read
via "ITPro".
Strong authentication is hugely important, but implementing any regime at scale is not without its challengesπ Read
via "ITPro".
ITPro
Implementing strong authentication across your business
Strong authentication is hugely important, but implementing any regime at scale is not without its challenges
π’ Cyber attack on Australiaβs TPG Telecom affects 15,000 customers π’
π Read
via "ITPro".
It is the third cyber attack on a major Australian telco since Octoberπ Read
via "ITPro".
ITPro
Cyber attack on Australiaβs TPG Telecom affects 15,000 customers
It is the third cyber attack on a major Australian telco since October
π’ Ransomware discovered carrying legitimate Windows certificates π’
π Read
via "ITPro".
Sophos researchers pointed to the sophisticated signatures as a sign of a new, dangerous strategy by a group tied to Cubaπ Read
via "ITPro".
ITPro
Ransomware discovered carrying legitimate Windows certificates
Sophos researchers pointed to the sophisticated signatures as a sign of a new, dangerous strategy by a group tied to Cuba
π’ The pros and cons of facial recognition technology π’
π Read
via "ITPro".
There are plenty of pros and cons of facial recognition technology, but is it really worth risking user privacy in the name of efficiency and security?π Read
via "ITPro".
ITPro
The pros and cons of facial recognition technology
There are plenty of pros and cons of facial recognition technology, but is it really worth risking user privacy in the name of efficiency and security?
π’ Telstra blames IT blunder for leak of 130,000 customer records π’
π Read
via "ITPro".
Australiaβs biggest telco said that the error was due to a mismanagement of databases and not a cyber attackπ Read
via "ITPro".
ITPro
Telstra blames IT blunder for leak of 130,000 customer records
Australiaβs biggest telco said that the error was due to a mismanagement of databases and not a cyber attack
π’ Microsoft patches two zero-day vulnerabilities in last Patch Tuesday of 2022 π’
π Read
via "ITPro".
Zero-days affecting Windows SmartScreen and DirectX were identified in the latest security updateπ Read
via "ITPro".
ITPro
Microsoft patches two zero-day vulnerabilities in last Patch Tuesday of 2022
Zero-days affecting Windows SmartScreen and DirectX were identified in the latest security update
π’ IT Pro 20/20: LinkedIn & the toxic world of cyber security π’
π Read
via "ITPro".
A look at the shady world of cyber security networking and online communitiesπ Read
via "ITPro".
ITPro
IT Pro 20/20: LinkedIn & the toxic world of cyber security
A look at the shady world of cyber security networking and online communities