
Tag

#google

Qualys Adds Custom Assessment and Remediation to Its Cloud Platform

Provides security architects with access to custom scripts that can be natively integrated with other Qualys solutions.

DARKReading
“Look what I found here” phish targets Facebook users

A Facebook Messenger phish is asking would-be victims to "take a look". But what lies in wait for eager clickers? The post “Look what I found here” phish targets Facebook users appeared first on Malwarebytes Labs.

Over 200 Apps on Play Store Caught Spying on Android Users Using Facestealer

More than 200 Android apps masquerading as fitness, photo editing, and puzzle apps have been observed distributing spyware called Facestealer to siphon user credentials and other valuable information. "Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants," Trend Micro analysts Cifer Fang, Ford Quin, and Zhengyu Dong said in a

Open Source Security Gets $150M Boost From Industry Heavy Hitters

Maintainers of open source software (OSS) will gain additional security tools for their own projects, while the developers who use OSS — and about 97% of software does — will gain more data on security.

CVE-2022-0578: Code Injection in publify

Code Injection in GitHub repository publify/publify prior to 9.2.8.

CVE-2022-1721: Path Traversal in WellKnownServlet in drawio

Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. This allows reading local files of the web application.

CVE-2022-1728: Allowing long password leads to denial of service in polonel/trudesk in trudesk

Allowing long password leads to denial of service in polonel/trudesk in GitHub repository polonel/trudesk prior to 1.2.2. This vulnerability can be abused by doing a DDoS attack, as a result of which genuine users will not be able to access resources/applications.

HighCMS/HighPortal 12.x SQL Injection

HighCMS/HighPortal version 12.x appears to suffer from a remote SQL injection vulnerability.

Secure Email Gateway Vs. Integrated Cloud Email Security (SEG Vs. ICES) – What’s the difference, and which should my business use?

By Waqas. When you think of phishing or any form of internet crime, many believe this is something completely remote… This is a post from HackRead.com.

Fake reCAPTCHA forms dupe users via compromised WordPress sites

Threat actors have launched a new campaign that starts with compromised WordPress sites and leads to fake reCAPTCHA sites designed to get visitors to accept web push notifications. The post Fake reCAPTCHA forms dupe users via compromised WordPress sites appeared first on Malwarebytes Labs.