Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug.
Read More...
Bug in the Linux Kernel Allows Privilege Escalation Container Escape
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel.
Read More...
Novel Attack Turns Amazon Devices Against Themselves
Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers.
Read More...
NVIDIA’s Stolen Code-Signing Certs Used to Sign Malware
NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.
Read More...
Ukrainian Man Arrested for Alleged Role in Ransomware Attack on Kaseya Others
He's the fifth member of the REvil ransomware gang to get busted in the past year.
Read More...
Best Practices
Rash of hacktivism incidents accompany Russia’s invasion of Ukraine
In keeping with the hybrid nature of Russia’s invasion of Ukraine, several hacktivist groups and hackers have joined the fight in the embattled nation, inclu...
Read More...
Dark Reading Reflects on International Womens Day
A look at how far the information security industry has come — and how far it still has to go.
Read More...
Researchers Devise Attack for Stealing Data During Homomorphic Encryption
A vulnerability in a Microsoft crypto library gives attackers a way to figure out what data is being encrypted in lockpicker-like fashion.
Read More...
Companies Code Leaking More Passwords and Secrets
Software code pushed to online code repositories exposed twice as many secrets compared to last year, putting organizations' security at risk.
Read More...
New Threats and Vulnerabilities
CVE-2022-0384
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated u...
Read More...
CVE-2022-24416
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI t...
Read More...
CVE-2022-24468
Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24467, CVE-2022-24470, CVE-2022-24471, CVE-2022-24517, CVE-2022-245...
Read More...
CVE-2021-38296
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1....
Read More...
CVE-2022-24399
The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data...
Read More...
CVE-2021-39022
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or in...
Read More...
Patch Management
Google: Were spotting more Chrome browser zero-day flaws in the wild Heres why
Here's why there were so many zero-day exploits for Chrome and other browsers in 2021.
Read More...
Google buys Mandiant for £4bn
The Federal Bureau of Investigation (FBI), Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), and National Security Agency...
Read More...
Microsoft March 2022 Patch Tuesday: 71 vulnerabilities fixed
Two of the vulnerabilities are rated critical -- CVE-2022-22006 and CVE-2022-24501.
Read More...
FBI warns of online scammers impersonating government officials law enforcement
Scammers typically call victims and say their identity was used in a crime before asking them to verify their social security number and date of birth.
Read More...
.png)
.png)
.png)
.png)
.png)
.png)
