Apple Patches WebKit Code Execution Flaws
Apple’s product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. read more
Continue ReadingInformation Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
Apple’s product security response team on Monday rolled out patches to cover numerous serious security vulnerabilities affecting users of its flagship iOS and macOS platforms. read more
Continue ReadingCybersecurity firm NCC Group has shared details on two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page. read more
Continue ReadingAs the role of cybersecurity in large businesses increases remarkably year over year, the importance of Security Operations Centers (SOCs) is becoming paramount. This year’s Kaspersky Security Bulletin ends with tailored predictions for SOCs – from external and internal points of view. The first part of this report is devoted to the most current threats […]
Continue ReadingCloud risk management and threat detection firm Rapid7 warns that it has seen organizations being compromised in attacks exploiting a recently patched Zoho ManageEngine vulnerability. read more
Continue ReadingSeveral vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product. read more
Continue ReadingA China-linked threat actor was observed exploiting a recently disclosed Fortinet FortiOS SSL-VPN vulnerability when it was still a zero-day, months before patches were released, Mandiant reports. read more
Continue ReadingDrupal this week announced software updates that resolve a total of four vulnerabilities in Drupal core and three plugins, and which could lead to unauthorized access to data. read more
Continue ReadingSoftware engineers tracking the quality of software bill of materials have stumbled on a startling discovery: Barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government. read more
Continue ReadingCisco on Wednesday announced patches for a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME). read more
Continue ReadingA cross-site request forgery (CSRF) vulnerability impacting the source control management (SCM) service Kudu could be exploited to achieve remote code execution (RCE) in multiple Azure services, cloud infrastructure security firm Ermetic has discovered. read more
Continue Reading