Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Uptycs Announces New Cloud Identity and Entitlement Management (CIEM) Capabilities

Also adds support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage.

DARKReading
#mac#windows#google#microsoft#aws
Ukraine War Themed Files Become the Lure of Choice for a Wide Range of Hackers

A growing number of threat actors are using the ongoing Russo-Ukrainian war as a lure in various phishing and malware campaigns, even as critical infrastructure entities continue to be heavily targeted. "Government-backed actors from China, Iran, North Korea and Russia, as well as various unattributed groups, have used various Ukraine war-related themes in an effort to get targets to open

CVE-2022-1502: Security Advisory 2022-03

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.

CVE-2022-1502: Security Advisory 2022-03

Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.

CVE-2022-1548: Security Updates

Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.

CVE-2021-27425: GitHub - cesanta/mongoose-os: Mongoose OS - an IoT Firmware Development Framework. Supported microcontrollers: ESP32, ESP8266, CC3220, CC3200, STM32F4, STM32L4, STM32F7. Amazon AWS IoT, Microsoft Azur

Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.

Third-Party App Access Is the New Executable File

By providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.

CVE-2022-23400: TALOS-2022-1465 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2022-22137: TALOS-2022-1449 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability.

How to Choose Tech Stack for Mobile App Development

By Owais Sultan What a good tech stack for a mobile app is and how to, actually, pick the right one… This is a post from HackRead.com Read the original post: How to Choose Tech Stack for Mobile App Development