Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

43 Trillion Security Data Points Illuminate Our Most Pressing Threats

A new report helps companies understand an ever-changing threat landscape and how to strengthen their defenses against emerging cybersecurity trends.

DARKReading
Open in Source
#vulnerability#web#microsoft#git#intel#auth#zero_day
How Naming Can Change the Game in Software Supply Chain Security

A reliance on CPE names currently makes accurate searching for high-risk security vulnerabilities difficult.

Planet eStream Code Execution / SQL Injection / XSS / Broken Control

Planet eStream versions prior to 6.72.10.07 suffer from shell upload, account takeover, broken access control, SQL injection, both persistent and reflective cross site scripting, path traversal, and information disclosure vulnerabilities.

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

The subgroup of an Iranian nation-state group known as Nemesis Kitten has been attributed as behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver to exfiltrate data from an infected computer, or to receive commands. "The use of GitHub as a virtual dead drop helps the malware blend in," Secureworks principal researcher Rafe Pilling said. "All the

MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics

The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan, and the United Arab Emirates," Deep Instinct researcher Simon Kenin said in a technical write-up.

Apple announces 3 new security features

Categories: Apple Categories: Articles Tags: Apple Tags: end-to-end-encryption Tags: iMessage Contact Key Verification Tags: Security Keys for Apple ID Tags: Advanced Data Protection for iCloud Tags: EFF Apple has announced three new security features that will help protect logins, iMessage conversations, and data snyced by iCloud. (Read more...) The post Apple announces 3 new security features appeared first on Malwarebytes Labs.

CVE-2022-38765: Canon Medical Software Security Updates

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.

CNAPP Shines a Light Into Evolving Cloud Environments

Cloud-native application protection platform (CNAPP) addresses security challenges in multicloud environments, including integrating applications across multicloud or hybrid cloud environments.

CVE-2022-23496: feat: Better clienthint handling, ignore Kamo tags. · nielsbasjes/yauaa@3017a86

Yet Another UserAgent Analyzer (Yauaa) is a java library that tries to parse and analyze the useragent string and extract as many relevant attributes as possible. Applications using the Client Hints analysis feature introduced with 7.0.0 can crash because the Yauaa library throws an ArrayIndexOutOfBoundsException. If uncaught the exception will result in a program crash. Applications that do not use this feature are not affected. Users are advised to upgrade to version 7.9.0. Users unable to upgrade may catch and discard any ArrayIndexOutOfBoundsException thrown by the Yauaa library.

Threat Source newsletter (Dec. 8, 2022): Your uncle clicked every link

Welcome to this week’s edition of the Threat Source newsletter. As we hurtle toward the end of another year I get that tightness in my chest – that feeling that I think most, if not all, Threat Source readers get at this time of year. That's