Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards
“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking Companion: His two cats. They’re always by his side...
K82896488: Cyrus SASL vulnerability CVE-2022-24407
Cyrus SASL vulnerability CVE-2022-24407 Security Advisory Security Advisory Description In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL ...
K91589041: Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827
Expat vulnerabilities CVE-2021-45960, CVE-2022-22825, CVE-2022-22826, and CVE-2022-22827 Security Advisory Security Advisory Description CVE-2021-45960 In Expat (aka libexpat) before 2.4.3, a left ...
K18484125: Eclipse Jetty vulnerability CVE-2020-27216
Eclipse Jetty vulnerability CVE-2020-27216 Security Advisory Security Advisory Description In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 ...
Cisco UCS Director JavaScript Cross-Site Scripting Vulnerability
<p>A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to <span class="TextRun Highlight SCXO16456276 BCX2"><span class="NormalTextRun SCXO16456276 BCX2">conduct a cross-site scripting attack on an affected system.</span></span></p>
<p>This vulnerability is due to unsanitized user input....
Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability
<p>A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.</p>
<p>This vulnerability is due to insufficient validation of user-supplied...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerabilities
<p>Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.</p>
<p>These vulnerabilities are due to insufficient validation...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
<p>Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.</p>
<p>For more information about these...
Cisco Secure Network Analytics Remote Code Execution Vulnerability
<p>A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.</p>
<p>This vulnerability is due to insufficient user input...
VMSA-2022-0014: What You Need to Know
On May 18, 2022 VMware released VMSA-2022-0014, a critical advisory addressing security vulnerabilities found and resolved in VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. VMware Identity Manager is...
K87323016: Apache mod_proxy vulnerability CVE-2020-13950
Apache mod_proxy vulnerability CVE-2020-13950 Security Advisory Security Advisory Description Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer ...
Apple Security Advisory 2022-05-16-8
Apple Security Advisory 2022-05-16-8 - Xcode 13.4 addresses a logic issue and a privilege escalation issue.
Apple Security Advisory 2022-05-16-7
Apple Security Advisory 2022-05-16-7 - Safari 15.5 addresses code execution and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-6
Apple Security Advisory 2022-05-16-6 - tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Apple Security Advisory 2022-05-16-5
Apple Security Advisory 2022-05-16-5 - watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.
Phishers Add Chatbot to the Phishing Lure
Researchers have discovered a new approach being taken by phishers to increase victim engagement and confidence: the addition of an interactive chatbot. We have all become accustomed to the chatbots used by many of the largest service providers –...
QuSecure Lauches Quantum-Resilient Encryption Platform
New firm launches to provide the Easy Button for implementing quantum secure encryption
The pressure to implement quantum secure encryption is increasing. This isn’t because functioning quantum computers able to crack asymmetric encryption are expected tomorrow, but because of the...
Iran, China-linked gangs join Putin’s disinformation war online
They're using the invasion 'to take aim at the usual adversaries,' Mandiant told The Reg Pro-Beijing and Iran miscreants are using the war in Ukraine to spread disinformation that supports these countries' political interests — namely, advancing anti-Western narratives...
6 Scary Tactics Used in Mobile App Attacks
Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
Latest episode - listen now!
