Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.

DARKReading
Open in Source
#vulnerability#ios#google#linux#dos#intel#rce#buffer_overflow#auth#chrome#firefox#ssl
CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware

The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities. Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky. Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a

China-Backed APT10 Supercharges Spy Game With Custom Fileless Backdoor

The sophisticated and ever-evolving threat known as LodeInfo is being deployed against media, diplomatic, government, public sector, and think-tank targets.

FitStack, a New Solution For Code and Container Risk Management, Launches With Support From Varsity Venture Studio

FitStack offers a SaaS-based platform — supporting both cloud native and on-prem environments — to take risk and vulnerability out of application development.

(ISC)² Expands DEI Initiative with International Partnership Agreements

Major partnership program aims to break down barriers and empower underrepresented groups in cybersecurity across the globe.

CVE-2022-42327

x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests.

Last Years Open Source - Tomorrow's Vulnerabilities

Linus Torvalds, the creator of Linux and Git, has his own law in software development, and it goes like this: "given enough eyeballs, all bugs are shallow." This phrase puts the finger on the very principle of open source: the more, the merrier - if the code is easily available for anyone and everyone to fix bugs, it's pretty safe. But is it? Or is the saying "all bugs are shallow" only true for

CVE-2022-43752: .:: Phrack Magazine ::.

** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon.

CVE-2022-40296: Server-side request forgery (SSRF) in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC.

The application was vulnerable to a Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream systems.