Security
Headlines
HeadlinesLatestCVEs

Tag

#amazon

Deserialized web security roundup – Slack, Okta security breaches, lax US government passwords report, and more 

Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news

PortSwigger
Open in Source
#csrf#vulnerability#web#android#mac#windows#google#amazon#cisco#git#intel#c++#backdoor#rce#vmware#aws#auth#chrome#firefox
Ubuntu Security Notice USN-5804-1

Ubuntu Security Notice 5804-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5803-1

Ubuntu Security Notice 5803-1 - Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service or execute arbitrary code. Tamas Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5802-1

Ubuntu Security Notice 5802-1 - It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Tamás Koczka discovered that the Bluetooth L2CAP handshake implementation in the Linux kernel contained multiple use-after-free vulnerabilities. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.

Software Supply Chain Security Needs a Bigger Picture

SBOMs aren't enough. OpenSSF's Alpha-Omega brings in new blood to help secure the open source projects most impactful to the software supply chain.

Use CircleCI? Here Are 3 Steps You Need to Take

This Tech Tip outlines the steps enterprise defenders should take as they protect their data in cloud environments in response to the security incident with the CI/CD platform.

5 Ways Cybersecurity for Cloud Workloads Will Evolve in 2023

Organizations are looking for new methods to safeguard the virtual machines, containers, and workload services they use in the cloud.

CVE-2022-35401: TALOS-2022-1586 || Cisco Talos Intelligence Group

An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability.

Ubuntu Security Notice USN-5792-2

Ubuntu Security Notice 5792-2 - Mingwei Zhang discovered that the KVM implementation for AMD processors in the Linux kernel did not properly handle cache coherency with Secure Encrypted Virtualization. A local attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Android Binder IPC subsystem in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Web 3.0 Shifts Attack Surface and Highlights Need for Continuous Security

A model of continuous authentication and identification is needed to keep consumers safe.