Security Headlines

Forescout Announces Intent to Acquire Cysiv to Deliver Data-Powered Threat Detection and Response

Acquisition will leverage Forescout’s automated cybersecurity with Cysiv's cloud-native platform to deliver data-powered analytics for 24/7 threat detection and response.

DARKReading
Hacking Scenarios: How Hackers Choose Their Victims

The "double-extortion" technique, aka pay-now-or-get-breached, emerged as a head-turner last year. May 6th, 2022 is a recent example. The State Department said the Conti strain of ransomware was the most costly in terms of payments made by victims as of January. Conti, a ransomware-as-a-service (RaaS) program, is one of the most notorious ransomware groups and has been responsible for

Apple's New Feature Will Install Security Updates Automatically Without Full OS Update

Apple has introduced a Rapid Security Response feature in iOS 16 and macOS Ventura that's designed to deploy security fixes without the need for a full operating system version update. "macOS security gets even stronger with new tools that make the Mac more resistant to attack, including Rapid Security Response that works in between normal updates to easily keep security up to date without a

GHSA-4w8f-hjm9-xwgf: Path Traversal in django-s3file

### Impact

It was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party before the release of the patch. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. If all your file-handling views (like form views) require authentication or special permission, the threat is limited to privileged users.

### Patches

The vulnerability has been fixed in version 5.5.1 and above.

### Workarounds

There is no feasible workaround. We must urge all users to immediately update to a patched version.

### Detailed attack vector description

An attacker may use a request with malicious form data to traverse the entire AWS S3 bucket and perform destructive operations. An attack could look as follows:

```bash
curl -X POST -F "s3file=file" -F "file=/priviliged/location/secrets.txt" https://www.example.c...
```

CVE-2022-23712: Security issues

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

Cybersecurity M&A Activity Shows No Signs of Slowdown

But valuations have dropped — and investors are paying closer attention to revenues and profitability, industry analysts say.

The CISO Shortlist: Top Priorities at RSA 2022

The buzz on the show floor during RSA Conference is about aligning the organization's security priorities with the right technology. Will Lin, managing director and founding member at Forgepoint Capital, weighs in on the biggest security priorities for 2022 — and what kind of tech senior-level executives are looking for.

CVE-2022-30861: Cross Site Scripting · Issue #24 · fudforum/FUDforum

FUDforum 3.1.2 is vulnerable to stored XSS via the Forum Name field in the Forum Manager feature.

Gathering Momentum: 3 Steps Forward to Expand SBoM Use

New studies show less than a third of organizations use software bills of materials (SBoMs), but momentum is building to boost that number.