Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Report: 79% of Employees Are Distracted at Work Amid a Year of Permacrisis

1Password's annual State of Access report reveals that distracted employees are twice as likely to do the bare minimum for security at work.

DARKReading
Open in Source
#vulnerability#ios#mac#git#auth#ibm
CVE-2022-45871: Business Suite Virtual Security

WithSecure DeepGuard 6 allows attackers to affect confidentiality, availability, and/or integrity.

Improve Confidence and Context to Sell the SOC on Automating

SIEM and XDE made a lot of promises, but they don't quite live up to the SOC team's standards.

Hackers Planted Files to Frame Indian Priest Who Died in Custody

And new evidence suggests those hackers may have collaborated with the police who investigated him.

How AI-Powered Tools Can Spark Creativity and Help You Create Designs

By Owais Sultan Artificial intelligence (AI) tools are dramatically transforming the way we work. As AI applications get more sophisticated, the… This is a post from HackRead.com Read the original post: How AI-Powered Tools Can Spark Creativity and Help You Create Designs

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability

A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit

CVE-2022-23523: loader: x86_64: elf: Avoid reading beyond file end by likebreath · Pull Request #125 · rust-vmm/linux-loader

In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.

CVE-2022-44699: Azure Network Watcher Agent Security Feature Bypass Vulnerability

**What is Network Watcher?** Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. Network Watcher is designed to monitor and repair the network health of IaaS (Infrastructure-as-a-Service) products including Virtual Machines (VM), Virtual Networks, Application Gateways, Load balancers, etc. For more details, please refer to: https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-monitoring-overview

CVE-2022-44713: Microsoft Outlook for Mac Spoofing Vulnerability

**What is the nature of the spoofing?** An attacker could appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user.

CVE-2022-44696: Microsoft Office Visio Remote Code Execution Vulnerability

**According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?** The word **Remote** in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an attacker needs to execute code from the local machine to exploit the vulnerability.