Security
Headlines
HeadlinesLatestCVEs

Tag

#ssl

CVE-2022-35643: Security Bulletin: IBM PowerVM VIOS could allow a remote attacker to tamper with system configuration or cause a denial of service (CVE-2022-35643)

IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956.

CVE
Open in Source
#vulnerability#ios#dos#ibm#ssl
CVE-2022-2576: 580018 – Denial-of-Service vulnerability in the DTLS stack

In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.

How to Combat the Biggest Security Risks Posed by Machine Identities

The rise of DevOps culture in enterprises has accelerated product delivery timelines. Automation undoubtedly has its advantages. However, containerization and the rise of cloud software development are exposing organizations to a sprawling new attack surface. Machine identities vastly outnumber human ones in enterprises these days. Indeed, the rise of machine identities is creating cybersecurity

CVE-2022-1799: Release Notes  |  Google Play services  |  Google Developers

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.

CVE-2022-34558: Something strange happened with pre-release versions with wmagent · Issue #11188 · dmwm/WMCore

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package.

CVE-2022-30287: Horde Webmail - Remote Code Execution via Email

Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.

APT-Like Phishing Threat Mirrors Landing Pages

By dynamically mirroring an organization’s login page, threat actors are propagating legitimate-looking phishing attacks that encourage victims to offer up access to the corporate crown jewels.

Microsoft: Hackers are Using Malicious IIS Extensions to Backdoor Exchange Servers

By Deeba Ahmed According to Microsoft, hackers are exploiting the IIS web servers to install backdoors and steal credentials in their… This is a post from HackRead.com Read the original post: Microsoft: Hackers are Using Malicious IIS Extensions to Backdoor Exchange Servers

Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly-targeted attacks against European and Central American entities. The company, which Microsoft describes as a private-sector offensive actor (PSOA), is an Austria-based outfit called DSIRF that's linked to the