Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

Huntress Acquires Curricula for $22M to Disrupt Security Training Market, Elevate Cyber Readiness for SMB Employees

The Curricula platform uses behavioral science with a simplified approach to train and educate users — and marks another step forward in Huntress’ mission to secure the 99%.

DARKReading
Open in Source
#vulnerability#samba#ssl
Authentication Risks Discovered in Okta Platform

Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.

Protecting Against Kubernetes-Borne Ransomware

The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended.

Tor Browser 11.5 release enables users to automatically circumvent censorship

New update addresses challenges faced by users in repressive countries

RHSA-2022:5602: Red Hat Security Advisory: RHUI 4.1.1 release - Security Fixes and Enhancement Update

An updated version of Red Hat Update Infrastructure (RHUI) is now available. RHUI 4.1.1 introduces important enhancements and fixes several security bugs.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-28346: Django: SQL injection in QuerySet.annotate(),aggregate() and extra() * CVE-2022-28347: Django: SQL injection via QuerySet.explain(options) on PostgreSQL

New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals

A new method devised to leak information and jump over air-gaps takes advantage of Serial Advanced Technology Attachment (SATA) or Serial ATA cables as a communication medium, adding to a long list of electromagnetic, magnetic, electric, optical, and acoustic methods already demonstrated to plunder data. "Although air-gap computers have no wireless connectivity, we show that attackers can use

CVE-2021-29790: Security Bulletin: There are multiple vulnerabilites that affect IBM Engineering Requirements Quality Assistant On-Premises (CVE-2022-0778, CVE-2021-38868, CVE-2021-29799, CVE-2021-29790, CVE-2021-297

IBM Engineering Requirements Quality Assistant On-Premises (All versions) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203440.

CVE-2022-32387: Hotfixes

In Kentico before 13.0.66, attackers can achieve Denial of Service via a crafted request to the GetResource handler.

Global Socket 1.4.38

Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.

CVE-2021-33656: vt-drop-old-font-ioctls.patch « 5.10.127 « releases - kernel/git/stable/stable-queue.git

When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.