Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

U.S. EPA Forms Task Force to Protect Water Systems from Cyberattacks

The U.S. Environmental Protection Agency (EPA) said it's forming a new "Water Sector Cybersecurity Task Force" to devise methods to counter the threats faced by the water sector in the country. "In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the challenges experienced by some systems in adopting best practices, this Task Force in its deliberations

The Hacker News
Open in Source
#vulnerability#The Hacker News
Red Hat Quay 3.11: Smarter permissions, lifecycle, and AWS integration

The Quay team is excited to announce that Red Hat Quay 3.11 will be generally available this month. This release will introduce updates to permission management and image lifecycle automation automation for more effective management at scale. Significant updates include:Team-sync with OIDC groupsPruning policies at the repository levelMore Quay feature coverage in the new UIGeneral AWS STS supportQuay operator enhancementsIncreased control across user groupsWith Quay 3.11, users can manage permissions based on groupings defined in an OIDC provider (e.g. Azure Active Directory Service). Quay ad

Pro Players Hacked Live On Stream! Apex Legends Tournament Postponed

By Deeba Ahmed Apex Legends Global Series Thrown into Chaos as Hackers Invade Live Finals! This is a post from HackRead.com Read the original post: Pro Players Hacked Live On Stream! Apex Legends Tournament Postponed

GHSA-6hh7-46r2-vf29: Server crashes on invalid Cloud Function or Cloud Job name

### Impact Calling an invalid Parse Server Cloud Function name or Cloud Job name crashes server and may allow for code injection. ### Patches Added string sanitation for Cloud Function name and Cloud Job name. ### Workarounds Sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server. ### References - https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29 - https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29 (Fix for Parse Server 7 alpha) - https://github.com/parse-community/parse-server/releases/tag/6.5.5 (Fix for Parse Server 6 LTS)

Cybercriminals Beta Test New Attack to Bypass AI Security

By Waqas New AI-Dodging Phishing Attack AI Security and Exploits Machine Learning. This is a post from HackRead.com Read the original post: Cybercriminals Beta Test New Attack to Bypass AI Security

Ubuntu Security Notice USN-6701-1

Ubuntu Security Notice 6701-1 - Ruihan Li discovered that the bluetooth subsystem in the Linux kernel did not properly perform permissions checks when handling HCI sockets. A physically proximate attacker could use this to cause a denial of service. It was discovered that the NVIDIA Tegra XUSB pad controller driver in the Linux kernel did not properly handle return values in certain error conditions. A local attacker could use this to cause a denial of service.

Tramyardg Autoexpress 1.3.0 Cross Site Scripting

Tramyardg Autoexpress version 1.3.0 suffers from a persistent cross site scripting vulnerability.

SurveyJS Survey Creator 1.9.132 Cross Site Scripting

SurveyJS Survey Creator versions 1.9.132 and below suffer from both reflective and persistent cross site scripting vulnerabilities.

Quick.CMS 6.7 SQL Injection

Quick.CMS version 6.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.