Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Google Rolling Out Passkey Passwordless Login Support to Android and Chrome

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first

The Hacker News
Open in Source
#web#ios#android#mac#windows#apple#google#microsoft#git#auth#chrome#The Hacker News
Beachhead Solutions Adds Windows Security Management to the BeachheadSecure® Platform

Included at no added cost, BeachheadSecure now provides accountwide management of Microsoft Defender AV, Firewall, and Controlled Folders for the most complete PC and device security available.

CVE-2022-40871: GitHub - youncyb/dolibarr-rce: DOLIBARR ERP & CRM rce

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

Cybersecurity Threats to Health Services: Why We Should Be Concerned

By Owais Sultan Hospitals and medical facilities are lucrative targets for hackers. It’s not enough anymore to keep software updated and… This is a post from HackRead.com Read the original post: Cybersecurity Threats to Health Services: Why We Should Be Concerned

CVE-2022-3465: Vulnerability/MediaLink Unauthorized access.md at main · Peanut886/Vulnerability

A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700.

CVE-2022-2720: Security Advisory 2022-18

In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server

CVE-2022-41530: bug_report/SQLi-2.md at main · yueleve/bug_report

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower.

CVE-2022-41407: Bug_report/SQLi-2.md at main · CokuTau-CH/Bug_report

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.

CVE-2022-41406: Bug_report/RCE-1.md at main · CokuTau-CH/Bug_report

An arbitrary file upload vulnerability in the /admin/admin_pic.php component of Church Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.