Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

‘Important Notification’ Phishing Scam Targeting American Express Customers

By Deeba Ahmed In this phishing scam, the email is designed to appear as an authentic American Express notification. The email subject reads: “Important Notification About Your Account.” This is a post from HackRead.com Read the original post: ‘Important Notification’ Phishing Scam Targeting American Express Customers

HackRead
Open in Source
#web#google#git#auth#sap
4 Scenarios for the Digital World of 2040

Our digital future depends on the choices we make today. We need to invest in cybersecurity technologies and skills so that humanity can control its future.

CVE-2021-44718: wolfSSL Security Vulnerabilities | wolfSSL Embedded SSL/TLS Library

wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.

The Ultimate Security Blind Spot You Don't Know You Have

How much time do developers spend actually writing code? According to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing or improving code. Security vulnerabilities have a bad habit of popping up during the software development process, only to surface after an application has been deployed. The disappointing part is that many of these

GHSA-fjjw-82xw-vfc2: Apache ShenYu Admin v2.4.2-v2.4.3 has insecure permissions

Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Version 2.5.0 contains a patch for this issue.

CVE-2020-35534: Libraw "crxFreeSubbandData()" Memory Corruption Vulnerability · Issue #279 · LibRaw/LibRaw

In LibRaw, there is a memory corruption vulnerability within the "crxFreeSubbandData()" function (libraw\src\decoders\crx.cpp) when processing cr3 files.

CVE-2020-35535: Libraw "LibRaw::parseSonySRF()" Out-of-bounds Read Vulnerability · Issue #283 · LibRaw/LibRaw

In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files.

CVE-2020-35531: LibRaw "get_huffman_diff()" Out-of-bounds read vulnerability · Issue #270 · LibRaw/LibRaw

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

Threat Source newsletter (Sept. 1, 2022) — Conversations about an unborn baby's privacy

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  This week marks about 90 days before my wife’s due date with our first child, a baby girl. We’re both incredibly excited and nervous at the same time, and we have much to discuss, like how to lay out the nursery, what times we’ll put her down for a nap and who must be the one to get up the first time she starts crying at 2 a.m.  But the first true argument my wife and I have had about having a child is whether we should show the baby’s face on Instagram.  This child isn’t even born yet, and social media companies are probably already building out a data profile on her. I signed up for the What to Expect app so I could follow along with my wife’s pregnancy progress and learn more about what she’s going through and how the baby is developing. Already I’m getting targeted ads on the app and my Instagram for specific brands of baby food, the stroller that we’ve listed on our registry and an automati...

CVE-2022-36373: MP3-jPlayer

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress.