Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

CVE-2022-2818: 2FA Bypass in Cockpit Content Platform ≤ v2.2.1 in cockpit

Authentication Bypass by Primary Weakness in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

CVE
Open in Source
#vulnerability#google#apache#js#git#php#perl#auth#ibm#ssl
Flaw in the VA Medical Records Platform May Put Patients at Risk

The Veterans Affairs’ VistA software has a vulnerability that could let an attacker “masquerade as a doctor,” a security researcher warns.

Threat Roundup for August 5 to August 12

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Aug. 5 and Aug. 12. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our customers are automatically protected from these threats. As a reminder, the information provided for the following threats in this post is non-exhaustive and current as of the date of publication. Additionally, please keep in mind that IOC searching is only one part of threat hunting. Spotting a single IOC does not necessarily indicate maliciousness. Detection and coverage for the following threats is subject to updates, pending additional threat or vulnerability analysis. For the most current information, please refer to your Firepower Management Center, Snort.org, or ClamAV.net. For each threat described below, this blog post only lists 25...

Software Supply Chain Chalks Up a Security Win With New Crypto Effort

GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security.

Ways That VoIP Technology Is Impacting Marketplaces and How to Adapt

By Owais Sultan VoIP stands for Voice Over Internet Protocol. It allows users to communicate wirelessly and with high-quality sound. This has… This is a post from HackRead.com Read the original post: Ways That VoIP Technology Is Impacting Marketplaces and How to Adapt

Cisco Patches High-Severity Vulnerability Affecting ASA and Firepower Solutions

Cisco on Wednesday released patches to contain multiple flaws in its software that could be abused to leak sensitive information on susceptible appliances. The issue, assigned the identifier CVE-2022-20866 (CVSS score: 7.4), has been described as a "logic error" when handling RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)

Crucial Cybersecurity Software Features (2022)

By Owais Sultan Cyberattacks aim to breach device, program, and system defenses to access critical company or individual data. If a… This is a post from HackRead.com Read the original post: Crucial Cybersecurity Software Features (2022)

Krebs: Taiwan, Geopolitical Headwinds Loom Large

During a keynote at Black Hat 2022, former CISA director Chris Krebs outlined the biggest risk areas for the public and private sectors for the next few years.

4 Flaws, Other Weaknesses Undermine Cisco ASA Firewalls

More than 1 million instances of firewalls running Cisco Adaptive Security Appliance (ASA) software have four vulnerabilities that undermine its security, a researcher finds.