Category: Vulnerabilities

January 19, 2022

The “simple but devastating flaw” in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China’s capital, could allow health information, voice messages and […]

January 18, 2022

After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a “losing battle” against security vulnerabilities and threats, “despite the billions of dollars spent collectively on cybersecurity technology,” according to an annual security report from […]

January 13, 2022

Mozilla released Firefox 96 that addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program. Nine vulnerabilities addressed by the new release are rated high-severity, the most severe one is a race condition issue tracked as CVE-2022-22746. […]

January 13, 2022

Microsoft has revealed that it has discovered several serious security vulnerabilities in Windows 11, as well as other versions including Windows 10. The revelations came as part of January 2022’s ‘Patch Tuesday’ – the day of the month that Microsoft […]

January 13, 2022

As banks start to increasingly embrace digital transformation, they become more susceptible to cyberattacks. What is making them so vulnerable? The banking and finance industry has traditionally been slow to adopt new technologies because of complex concerns with security, privacy, […]

January 12, 2022

Initially announced in early November 2021, the list includes more than 300 vulnerabilities that are a frequent attack vector in malicious attacks, and which represent a significant risk to federal organizations. The Known Exploited Vulnerabilities Catalog was published along with […]

January 11, 2022

Tracked as CVE-2021-30970, the new security error, which Microsoft calls powerdir, allows an attacker to bypass the platform’s Transparency, Consent, and Control (TCC) technology and “potentially orchestrate an attack based on the user’s protected personal data.” Introduced in 2012, TCC […]

January 10, 2022

Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC). Simon Scannell of SonarSource reported an object injection […]

January 7, 2022

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j “Log4Shell” vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the ” […]

January 5, 2022

The FTC used Equifax as an example. The credit reporting agency suffered a massive data breach in 2017 after it failed to patch an Apache Struts vulnerability that had been exploited in the wild. The incident impacted over 140 million […]