Security
Headlines

Tag

#ssl

(ISC)² Opens Global Enrollment for '1 Million Certified in Cybersecurity' Initiative

(ISC)² pledges to expand and diversify the cybersecurity workforce by providing free "(ISC)² Certified in Cybersecurity" education and exams to 1 million people worldwide.

DARKReading
#sap #ssl
CVE-2022-1552: PostgreSQL 14.3, 13.7, 12.11, 11.16, and 10.21 Released!

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

How to set up an iPhone for your kids

Categories: Personal. The new school year is just around the corner, and for some parents and guardians this also means giving their kid their own iPhone. Quite nerve-wracking, but we got you! The post How to set up an iPhone for your kids appeared first on Malwarebytes Labs.

Final Fantasy 14 players targeted by QR code phishing

Categories: News, Scams. We take a look at multiple reports of Final Fantasy 14 players attacked by a wave of QR themed phishing. The post Final Fantasy 14 players targeted by QR code phishing appeared first on Malwarebytes Labs.

RHSA-2022:6224: Red Hat Security Advisory: openssl security and bug fix update

An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-1292: openssl: c_rehash script allows command injection
* CVE-2022-1343: openssl: Signer certificate verification returns inaccurate response when using OCSP_NOCHECKS
* CVE-2022-1473: openssl: OPENSSL_LH_flush() breaks reuse of memory
* CVE-2022-2068: openssl: the c_rehash script allows command injection
* CVE-2022-2097: openssl: AES OCB fails to encryp...

Phishing Campaign Targets PyPI Users to Distribute Malicious Code

The first-of-its-kind campaign threatens to remove code packages if developers don’t submit their code to a "validation" process.

CVE-2022-38784: Poppler

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.

CVE-2022-37177: HireVue Hiring Platform: Video Interviews, Assessment, Scheduling, AI, Chatbot | HireVue

HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm.

The Telegram-Powered News Outlet Waging Guerrilla War on Russia

Anti-Putin media network February Morning has become a central player in the underground fight against the Kremlin.

CVE-2022-38555: Linksys | Networking & WiFi Technology

Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.