Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Enhancing RHEL Security: Understanding SHA-1 deprecation on RHEL 9

In this article, I’ll go over some typical problems users may face with Fedora SHA-1 status (including some possible workarounds), and how you can update your infrastructure to use a more secure SHA-256.

Red Hat Blog
Open in Source
#mac#linux#red_hat#rpm
Microsoft Patch Tuesday July 2022: propaganda report, CSRSS EoP, RPC RCE, Edge, Azure Site Recovery

Hello everyone! Microsoft has been acting weird lately. I mean the recent publication of a propaganda report about evil Russians and how Microsoft is involved in the conflict between countries. It wouldn’t be unusual for a US government agency, NSA or CIA to publish such a report. But when a global IT vendor, which, in […]

CVE-2022-34115: [Bug]任意文件跨目录写入 · Issue #2428 · dataease/dataease

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

CVE-2022-34114: [Bug]任意SQL代码执行 · Issue #2430 · dataease/dataease

Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.

CVE-2022-34112: [Bug]普通权限越权卸载插件 · Issue #2429 · dataease/dataease

An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.

CVE-2022-36408: Major Security Vulnerability on PrestaShop Websites

PrestaShop 1.6.0.10 through 1.7.x before 1.7.8.2 allows remote attackers to execute arbitrary code, aka a "previously unknown vulnerability chain" related to SQL injection, as exploited in the wild in July 2022.

Threat Roundup for July 15 to July 22

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 15 and July 22. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 2...

CVE-2022-29495: Popup Builder – Create highly converting, mobile friendly marketing popups.

Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings.

Snowballing Ransomware Variants Highlight Growing Threat to VMware ESXi Environments

Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.