Tag
According to the FCC commissioner, TikTok being a video app is the "sheep's clothing", suggesting a wolf hides underneath those funny videos. The post TikTok is “unacceptable security risk” and should be removed from app stores, says FCC appeared first on Malwarebytes Labs.
An update is now available for Red Hat Satellite 6.11This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3200: libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c * CVE-2021-3584: foreman: Authenticate remote code execution through Sendmail configuration * CVE-2021-4142: Satellite: Allow unintended SCA certificate to authenticate Candlepin * CVE-2021-21290: netty: Information disclosure via the local system temporary directory * CVE-2021-21295: netty: possible request smuggling in HTTP/2 due missing validation * CVE-2021-21409: netty: Request smuggling via content-length header * CVE-2021-30151: sidekiq: XSS via the queue name of the live-poll feature * CVE-2021-32839: python-sqlparse: ReDoS via regular expression i...
Cloud-based malware in on the rise. In this post, we’ll cover four ways you can help secure your business against cloud-based malware. The post Cloud-based malware is on the rise. How can you secure your business? appeared first on Malwarebytes Labs.
Cloud-based malware in on the rise. In this post, we’ll cover four ways you can help secure your business against cloud-based malware. The post Cloud-based malware is on the rise. How can you secure your business? appeared first on Malwarebytes Labs.
Advanced Testimonials Manager version 5.6 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Google has patched a vulnerability in Chrome which was being exploited in the wild. Make sure you're using the latest version. The post Update now! Chrome patches ANOTHER zero-day vulnerability appeared first on Malwarebytes Labs.
The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
Old session tokens can be used to authenticate to the application and send authenticated requests.
Google on Monday shipped security updates to address a high-severity zero-day vulnerability in its Chrome web browser that it said is being exploited in the wild. The shortcoming, tracked as CVE-2022-2294, relates to a heap overflow flaw in the WebRTC component that provides real-time audio and video communication capabilities in browsers without the need to install plugins or download native