Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Threat Source newsletter (May 26, 2022) — BlackByte adds itself to the grocery list of big game hunters

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Given the recent tragedies in the U.S., I don’t feel it’s appropriate to open by being nostalgic or trying to be witty — let’s just stick to some security news this week.    The one big... [[ This is only the beginning! Please visit the blog for the complete entry ]]

TALOS
Open in Source
#vulnerability#web#android#mac#google#cisco#dos#rce#zero_day#chrome
Google Urged to Stop Tracking Location Data Ahead of Roe Reversal

Lawmakers argue Android phone data could be “weaponized against women” if the US Supreme Court officially overturns abortion protections.

Google Urged to Stop Tracking Location Data Ahead of Roe Reversal

Lawmakers argue Android phone data could be “weaponized against women” if the US Supreme Court officially overturns abortion protections.

RHSA-2022:4712: Red Hat Security Advisory: RHV Engine and Host Common Packages security update

Updated dependency packages for ovirt-engine and ovirt-host that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24302: python-paramiko: Race condition in the write_private_key_file function

RHSA-2022:4764: Red Hat Security Advisory: RHV RHEL Host (ovirt-host) [ovirt-4.5.0] security update

Updated host packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-0207: vdsm: disclosure of sensitive values in log files

CVE-2022-21827: Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.

The FDA's New Cybersecurity Guidance for Medical Devices Reminds Us That Safety & Security Go Hand in Hand

The new draft guidance on premarket submissions incorporates quality system regulations and doubles down on a life-cycle approach to product security.

VMware, Airline Targeted as Ransomware Chaos Reigns

Global ransomware incidents target everything from enterprise servers to grounding an airline, with one India-based group even taking a Robin Hood approach to extortion with the "GoodWill" strain.

ChromeOS usbguard Bypass

ChromeOS uses usbguard when the screen is locked but appears to suffer from bypass issues.

CVE-2022-30789

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.