CVE-2022-38707
via "National Vulnerability Database".
IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179.
S3 Ep133: Apple takes “tight-lipped” to a whole new level
via "Naked Security".
Entertaining, educational, and all in plain English
World Password Day: 2 + 2 = 4
via "Naked Security".
We've kept it short and simple, with no sermons, no judgmentalism, no tubthumping... and no BUY NOW buttons. Have a nice day!
PHP Packagist supply chain poisoned by hacker “looking for a job”
via "Naked Security".
I pwned you! Gizza job! You know it makes sense!
Attackers Route Malware Activity Over Popular CDNs
via "Dark Reading".
One way to hide malicious activity is to make it look benign by blending in with regular traffic passing through content delivery networks (CDNs) and cloud service providers, according to a Netskope report.
CVE-2023-29659
via "National Vulnerability Database".
A segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
CVE-2023-26285
via "National Vulnerability Database".
IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418.
CVE-2023-32269
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability.
Apple Patches Bluetooth Flaw in AirPods, Beats
via "Dark Reading".
Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.
Judge Spares Former Uber CISO Jail Time Over 2016 Data Breach Charges
via "Dark Reading".
Tell other CISOs "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan.
CVE-2023-2427
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVE-2020-4914
via "National Vulnerability Database".
IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290.
CVE-2022-43866
via "National Vulnerability Database".
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.
CVE-2023-2516
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7.
Browser Isolation Adapts to Remote Work, Greater Cloud Usage
via "Dark Reading".
As browsers become the center of many workers' days, isolation technologies shift to protecting the extended enterprise.
Satori Unveils Universal Data Permissions Scanner, A Free Open-Source Tool that Sheds Light on Data Access Authorization
via "Dark Reading".
Addressing data access blindspots commonly faced by enterprises, data security leader launches the first open-source authorization analysis tool to provide universal visibility into data access permissions across multiple data stores.
KnowBe4 Launches Password Kit to Celebrate World Password Day
via "Dark Reading".
KnowBe4 is offering a no-cost password kit to help end users practice good password hygiene and strengthen their defenses against social engineering.
CVE-2023-2553
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0.
CVE-2023-2551
via "National Vulnerability Database".
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.
CVE-2023-2554
via "National Vulnerability Database".
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.
CVE-2023-2552
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1.