Category: Vulnerabilities


Application security, Security, Threats & Malware, Vulnerabilities

Mandatory Chinese Olympics App Has ‘Devastating’ Encryption Flaw: Analyst

January 19, 2022

Via: Security Week

The “simple but devastating flaw” in the encryption of the MY2022 app, which is used to monitor Covid and is mandatory for athletes, journalists and other attendees of the games in China’s capital, could allow health information, voice messages and […]


Threats & Malware, Vulnerabilities

Organizations Face a ‘Losing Battle’ Against Vulnerabilities

January 18, 2022

Via: Threat Post

After a banner year for vulnerabilities and cyberattacks in 2021, organizations believe they are fighting a “losing battle” against security vulnerabilities and threats, “despite the billions of dollars spent collectively on cybersecurity technology,” according to an annual security report from […]


Threats & Malware, Vulnerabilities

Mozilla addresses High-Risk Firefox, Thunderbird vulnerabilities

January 13, 2022

Via: Security Affairs

Mozilla released Firefox 96, which addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program. Nine vulnerabilities addressed by the new release are rated high-severity; the most severe one is a race condition issue tracked as CVE-2022-22746. […]


Threats & Malware, Vulnerabilities

Microsoft has uncovered loads of Windows 11 security threats – here’s what you need to do

January 13, 2022

Via: TechRadar

Microsoft has revealed that it has discovered several serious security vulnerabilities in Windows 11, as well as other versions including Windows 10. The revelations came as part of January 2022’s ‘Patch Tuesday’ – the day of the month that Microsoft […]


Threats & Malware, Vulnerabilities

When it comes to banking security, there’s no silver bullet

January 13, 2022

Via: Help Net Security

As banks start to increasingly embrace digital transformation, they become more susceptible to cyberattacks. What is making them so vulnerable? The banking and finance industry has traditionally been slow to adopt new technologies because of complex concerns with security, privacy, […]


Threats & Malware, Vulnerabilities

CISA Adds 15 Recent and Older Vulnerabilities to ‘Must-Patch’ List

January 12, 2022

Via: Security Week

Initially announced in early November 2021, the list includes more than 300 vulnerabilities that are a frequent attack vector in malicious attacks, and which represent a significant risk to federal organizations. The Known Exploited Vulnerabilities Catalog was published along with […]


Threats & Malware, Vulnerabilities

New ‘powerdir’ Vulnerability in macOS Exposes Protected Data

January 11, 2022

Via: Security Week

Tracked as CVE-2021-30970, the new security error, which Microsoft calls powerdir, allows an attacker to bypass the platform’s Transparency, Consent, and Control (TCC) technology and “potentially orchestrate an attack based on the user’s protected personal data.” Introduced in 2012, TCC […]


Threats & Malware, Vulnerabilities

WordPress 5.8.3 Patches Several Injection Vulnerabilities

January 10, 2022

Via: Security Week

Two of the flaws are SQL injections — one affects WP_Meta_Query (discovered by Ben Bidner of the WordPress security team) and one affects WP_Query (discovered by ngocnb and khuyenn of GiaoHangTietKiem JSC). Simon Scannell of SonarSource reported an object injection […]


Threats & Malware, Vulnerabilities

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console

January 7, 2022

Via: The Hacker News

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j “Log4Shell” vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the ” […]


Threats & Malware, Vulnerabilities

FTC: Patch Log4j Vulnerability to Avoid Potential Legal Action

January 5, 2022

Via: Security Week

The FTC used Equifax as an example. The credit reporting agency suffered a massive data breach in 2017 after it failed to patch an Apache Struts vulnerability that had been exploited in the wild. The incident impacted over 140 million […]