Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

CVE-2022-41977: TALOS-2022-1627 || Cisco Talos Intelligence Group

An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.

CVE
#vulnerability#ios#cisco#git#intel
CVE-2022-43592: TALOS-2022-1651 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.

CVE-2022-41988: TALOS-2022-1643 || Cisco Talos Intelligence Group

An information disclosure vulnerability exists in the OpenImageIO::decode_iptc_iim() functionality of OpenImageIO Project OpenImageIO v2.3.19.0. A specially-crafted TIFF file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.

Inside the Next-Level Fraud Ring Scamming Billions Off Holiday Retailers

"Largest attack of its kind": A potent Southeast Asian e-commerce fraud ring has declared war on US retailers, targeting billions in goods in just the past month and forcing mules into its scheme.

Security on a Shoestring? Cloud, Consolidation Best Bets for Businesses

With a recession potentially coming, some companies are cutting security teams. But moving more infrastructure to the cloud and reducing the number of vendors through consolidation may be the best ways to prepare.

Google WordPress Plug-in Bug Allows AWS Metadata Theft

A successful attacker could use the SSRF vulnerability to collect metadata from WordPress sites hosted on an AWS server, and potentially log in to a cloud instance to run commands.

'Sextortion,' Business Disruption, and a Massive Attack: What Could Be in Store for 2023

Our growing interconnectedness poses almost as many challenges as it does benefits.

Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal

Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices.