#apple

Plus: Google delays the end of cookies (again), EU officials were targeted with Pegasus spyware, and more of the top security news.

D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue.

The first half of the year saw more than 11,800 reported security vulnerabilities, but figuring out which ones to patch first remains a thankless job for IT teams.

A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src="" onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

New web targets for the discerning hacker

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  Between the White House’s recent meeting, countless conference talks and report after report warning of cybersecurity burnout, there’s been a ton of talk recently around the cybersecurity skills gap and hiring.  Everyone wants to know the magic ticket to figure out how to increase hiring at their cybersecurity practice without hiring somehow with under-developed skills that could leave clients open to attack. This is not a problem exclusive to cybersecurity, but I do find it interesting that there’s been so much talk about the problems the cybersecurity workforce faces and not much about actual solutions.  I think a good place to start would change the meaning of what an “entry-level” position truly is in security. I came into this field with zero security experience from the domain of journalism. My family considered me to be “a computer guy” just because I was good at searching the internet fo...

In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.

We take a look at claims of both censorship and promotion related to various apps from the Bytedance stable. The post TikTok owner ByteDance pushed a pro-China agenda to Americans, say former employees appeared first on Malwarebytes Labs.