Security
Headlines

Tag

#mac

CVE-2022-47872: CVE-2022-47872/README.md at main · Cedric1314/CVE-2022-47872

maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF).

CVE
#vulnerability #web #mac #js #git #intel #php #ssrf #firefox
Radiant Logic Signs Definitive Agreement to Acquire Brainwave GRC

Move will strengthen position as a leader in the identity governance and analytics market.

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment.

Amazon Still Selling T95 TV Box with Pre-Installed Malware

By Deeba Ahmed. Malwarebytes has confirmed that, despite confirmed reports of the presence of pre-installed malware in T95 TV boxes, Amazon is still allowing their sale. This is a post from HackRead.com.

GitHub revokes several certificates after unauthorized access

After an unauthorized access incident, GitHub will revoke three certificates, which will affect users of Atom and GitHub Desktop for Mac. This post first appeared on Malwarebytes Labs.

New SH1MMER Exploit for Chromebook Unenrolls Managed ChromeOS Devices

A new exploit has been devised to "unenroll" enterprise- or school-managed Chromebooks from administrative control. Enrolling ChromeOS devices makes it possible to enforce device policies as set by the organization via the Google Admin console, including the features that are available to users. "Each enrolled device complies with the policies you set until you wipe or deprovision it," Google

Up to 10 million people potentially impacted by JD Sports breach

We take a look at JD Sports revealing a breach which took place between 2018 and 2020, and how this could impact those affected. This post first appeared on Malwarebytes Labs.

Checkmarx Launches Threat Intelligence for Open Source Packages

The new API incorporates threat intelligence research and employs machine learning to identify threats in the supply chain.

GitHub Reports Code-Signing Certificate Theft in Security Breach

By Deeba Ahmed. GitHub states that hackers gained access to its code repositories and stole code-signing certificates for two of its desktop apps: Desktop and Atom. This is a post from HackRead.com.

CVE-2022-47769: Security Advisory: Serenissima Informatica – FastCheckIn (CVE-2022-47768/CVE-2022-47769/CVE-2022-47770)

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files to the web root of the application and gain access to the server via a web shell.