Security
Headlines
HeadlinesLatestCVEs

Tag

#web

1Kosmos Unifies Identity Verification User Journeys Across Web and Mobile Platforms

DARKReading
#web#git#auth#ssl
Many major websites allow users to have weak passwords

A new study that looked at the password requirements of the most popular websites came to a disappointing but not surprising conclusion.

Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data

By Waqas A critical Zoom Room vulnerability allowed exploiting service accounts for unauthorized tenant access. This is a post from HackRead.com Read the original post: Zoom Vulnerability Allowed Hackers to Take Over Meetings, Steal Data

CVE-2023-48945: Fuzzer: Virtuoso 7.2.11 crashed by stack smashing · Issue #1172 · openlink/virtuoso-opensource

A stack overflow in openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

Google Patches Another Chrome Zero-Day as Browser Attacks Mount

The vulnerability is among a rapidly growing number of zero-day bugs that major browser vendors have reported recently.

CVE-2023-44383: Stored XSS by authenticated backend user with improper configuration

October is a Content Management System (CMS) and web platform to assist with development workflow. A user with access to the media manager that stores SVG files could create a stored XSS attack against themselves and any other user with access to the media manager when SVG files are supported. This issue has been patched in version 3.5.2.

US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group

By Waqas US Treasury Sanctions Sinbad.io for Laundering Millions in Stolen Funds Linked to North Korea's Lazarus Group. This is a post from HackRead.com Read the original post: US Seizes Bitcoin Mixer Sinbad.io Used by Lazarus Group

Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw

A vulnerability in the file server and collaboration platform earned a 10 in severity on the CVSS, allowing access to admin passwords, mail server credentials, and license keys.

CVE-2023-6346: Chromium: CVE-2023-6346 Use after free in WebAudio

**Why is this Chrome CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Thought GDPR Compliance Was Hard? Buckle Up

Guy Tytunovich, founder and CEO of CHEQ, says the days of a one-size-fits-all consent strategy are gone. Consider a two-pronged approach and use smart consent management technology to adapt to differing regulations.