Security
Headlines
HeadlinesLatestCVEs

Tag

#perl

OpenSSF Announces 13 New Members Committed to Strengthening the Security of the Open Source Software Supply Chain

Hosts next OpenSSF Day in Dublin.

DARKReading
Open in Source
#vulnerability#android#linux#cisco#nodejs#js#git#kubernetes#perl#log4j#ibm
Google Chrome Zero-Day Found Exploited in the Wild

The high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.

CVE-2022-36191: heap-buffer-overflow in function gf_isom_dovi_config_get · Issue #2218 · gpac/gpac

A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.

CVE-2022-36186: A NULL pointer dereference in gf_filter_pid_set_property_full · Issue #2223 · gpac/gpac

A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.

CVE-2022-36190: Heap Use After Free in function gf_isom_dovi_config_get · Issue #2220 · gpac/gpac

GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.

7 Smart Ways to Secure Your E-Commerce Site

Especially if your e-commerce and CMS platforms are integrated, you risk multiple potential sources of intrusion, and the integration points themselves may be vulnerable to attack.

CVE-2022-25799: Unvalidated Redirects and Forwards - OWASP Cheat Sheet Series

An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.5.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.

ÆPIC and SQUIP Vulnerabilities Found in Intel and AMD Processors

A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself." "In contrast to transient execution

CISA and FBI issue alert about Zeppelin ransomware

Categories: News Categories: Ransomware Tags: Zeppelin Tags: ransomware Tags: RDP Tags: Sonicwall Tags: phishing Tags: malvertising Tags: backups Tags: authentication Tags: mfa Tags: patching Tags: EDR The FBI and CISA have issued a joint Cybersecurity Advisory (CSA) to raise awareness about Zeppelin ransomware (Read more...) The post CISA and FBI issue alert about Zeppelin ransomware appeared first on Malwarebytes Labs.

Windows Vulnerability Could Crack DC Server Credentials Open

The security flaw tracked as CVE-2022-30216 could allow attackers to perform server spoofing or trigger authentication coercion on the victim.