Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Update now! October patch Tuesday fixes actively used zero-day...but not the one you expected

Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Apple Tags: Google Tags: Android Tags: Samsung Tags: Xiaomi Tags: Adobe Tags: SAP Tags: VMWare Tags: Fortinet Tags: CVE-2022-41033 Tags: CVE-2022-41040 Tags: zero-day No fix for ProxyNotShell (Read more...) The post Update now! October patch Tuesday fixes actively used zero-day...but not the one you expected appeared first on Malwarebytes Labs.

Malwarebytes
Open in Source
#vulnerability#ios#android#mac#windows#apple#google#microsoft#rce#ssrf#vmware#samsung#auth#xiaomi#zero_day#sap
Google Rolling Out Passkey Passwordless Login Support to Android and Chrome

Google on Wednesday officially rolled out support for passkeys, the next-generation authentication standard, to both Android and Chrome. "Passkeys are a significantly safer replacement for passwords and other phishable authentication factors," the tech giant said. "They cannot be reused, don't leak in server breaches, and protect users from phishing attacks." The feature was first

Beachhead Solutions Adds Windows Security Management to the BeachheadSecure® Platform

Included at no added cost, BeachheadSecure now provides accountwide management of Microsoft Defender AV, Firewall, and Controlled Folders for the most complete PC and device security available.

CVE-2022-40871: GitHub - youncyb/dolibarr-rce: DOLIBARR ERP & CRM rce

Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval.

Cybersecurity Threats to Health Services: Why We Should Be Concerned

By Owais Sultan Hospitals and medical facilities are lucrative targets for hackers. It’s not enough anymore to keep software updated and… This is a post from HackRead.com Read the original post: Cybersecurity Threats to Health Services: Why We Should Be Concerned

CVE-2022-3465: Vulnerability/MediaLink Unauthorized access.md at main · Peanut886/Vulnerability

A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700.

CVE-2022-2720: Security Advisory 2022-18

In affected versions of Octopus Server it was identified that when a sensitive value is a substring of another value, sensitive value masking will only partially work.

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update, however, does not include mitigations for the actively exploited ProxyNotShell flaws in Exchange Server

CVE-2022-41530: bug_report/SQLi-2.md at main · yueleve/bug_report

Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_borrower.

CVE-2022-41407: Bug_report/SQLi-2.md at main · CokuTau-CH/Bug_report

Online Pet Shop We App v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=orders/view_order.