Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2022-45871: Business Suite Virtual Security

WithSecure DeepGuard 6 allows attackers to affect confidentiality, availability, and/or integrity.

CVE
Open in Source
#vulnerability#web#mac#windows#microsoft#java#intel#botnet#auth#zero_day
Third Annual Global CISO Report Identifies Significant Shifts in Hiring and Retaining Security Talent

Research from Marlin Hawk also shows a 15% increase in CISOs holding STEM-related degrees year-over-year, diversifying the succession talent pool.

How AI-Powered Tools Can Spark Creativity and Help You Create Designs

By Owais Sultan Artificial intelligence (AI) tools are dramatically transforming the way we work. As AI applications get more sophisticated, the… This is a post from HackRead.com Read the original post: How AI-Powered Tools Can Spark Creativity and Help You Create Designs

CVE-2022-23523: loader: x86_64: elf: Avoid reading beyond file end by likebreath · Pull Request #125 · rust-vmm/linux-loader

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.

Malware Strains Targeting Python and JavaScript Developers Through Official Repositories

An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular requests library: dequests, fequests, gequests, rdquests, reauests, reduests,

Metaparasites & the Dark Web: Scammers Turn on Their Own

Sophos research unveiled at Black Hat Europe details a thriving subeconomy of fraud on the cybercrime underground, aimed at Dark Web forum users.

CVE-2022-41263

Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.

Palo Alto Networks Xpanse Active Attack Surface Management Automatically Remediates Cyber Risks Before They Lead to Cyberattacks

New Cortex Xpanse features give organizations visibility and control of their attack surfaces to discover, evaluate, and address cyber risks.

CVE-2022-45968: Upload files to the directory with password Vulnerability(bypass) · Issue #2444 · alist-org/alist

Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).