Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Breaking Down the Strengthening American Cybersecurity Act

New federal cybersecurity rules will set timelines for critical infrastructure sector organizations — those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation — to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.

DARKReading
#web#mac#apple#ddos#dos#git#perl
The EU Wants Big Tech to Scan Your Private Chats for Child Abuse

Europe’s proposed child protection laws could undermine end-to-end encryption for billions of people.

Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers

IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.

CVE-2022-29316: Complete Online Job Search System Sql Injection - HackMD

Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch.

CVE-2022-29317: Simple Bus Ticket Booking System SQL Injection - HackMD

Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php.

Vanity URLs Could Be Spoofed for Social Engineering Attacks

Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.

Google Will Use Mobile Devices to Thwart Phishing Attacks

In an effort to combat phishing, Google will allow Android phones and iPhones to be used as security keys.

CVE-2022-28913: IOT_vuln/TOTOLink/N600R/10 at main · EPhaha/IOT_vuln

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.

CVE-2022-28913: IOT_vuln/TOTOLink/N600R/10 at main · EPhaha/IOT_vuln

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.

CVE-2022-28912: IOT_vuln/TOTOLink/N600R/8 at main · EPhaha/IOT_vuln

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.