Security
Headlines

Tag

#ssl

HiBoB Experts Reveal: Top Cybersecurity Threats for Employee Data

By Waqas. Employee data—it contains some of your company’s most sensitive information. Salaries, social security numbers, health records…this stuff is…

HackRead
#vulnerability #google #intel #auth #ssl

Top 5 Marketing Tech SaaS Security Challenges

Effective marketing operations today are driven by the use of Software-as-a-Service (SaaS) applications. Marketing apps such as Salesforce, Hubspot, Outreach, Asana, Monday, and Box empower marketing teams, agencies, freelancers, and subject matter experts to collaborate seamlessly on campaigns and marketing initiatives. These apps serve as the digital command centers for marketing

Senate Leaders Plan to Prolong NSA Surveillance Using a Must-Pass Bill

Top Senate officials are planning to save the Section 702 surveillance program by attaching it to a must-pass piece of legislation. Critics worry a chance to pass privacy reforms will be missed.

CVE-2023-36667: Release Notes for Couchbase Server 7.2

Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.

Government Surveillance Reform Act of 2023 Seeks to End Warrantless Police and FBI Spying

The Government Surveillance Reform Act of 2023 pulls from past privacy bills to overhaul how police and the feds access Americans’ data and communications.

CVE-2023-47360: VLC 3.0.13 - MMS Stream bugs

VideoLAN VLC prior to version 3.0.20 contains an integer underflow that leads to an incorrect packet length.

Confidence in File Upload Security is Alarmingly Low. Why?

Numerous industries—including technology, financial services, energy, healthcare, and government—are rushing to incorporate cloud-based and containerized web applications. The benefits are undeniable; however, this shift presents new security challenges. OPSWAT's 2023 Web Application Security report reveals: 75% of organizations have modernized their infrastructure this year. 78% have

CVE-2023-46845: Vulnerability allowing RCE in the EC-CUBE 4 series (JVN#29195731)

EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege.

CVE-2022-48193: SYT-2022-11: Multiple vulnerabilities in smartLink SW-HT

Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).

GHSA-5r5h-q934-cccp: Calico Typha denial of service vulnerability

In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle's for loop without any timeout, allowing an unclean TLS handshake to block the main loop indefinitely while other connections sit idle waiting for that handshake to finish.