2068 matches found
EulerOS Virtualization 3.0.6.6 : nss (EulerOS-SA-2022-2521)
According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA o...
The essentials of GRC and cybersecurity — How they empower each other
Understanding the connection between GRC and cybersecurity. When talking about cybersecurity, Governance, Risk, and Compliance (GRC) is often considered the least exciting part of business protection. However, its importance can't be ignored, and this is why. While cybersecurity focuses on the...
The vulnerability of the implementation of LTE microprogramming technology in Qualcomm’s embedded chips allows an intruder to trigger a service failure.
The vulnerability of the LTE microprogramming technology implementation in Qualcomm’s embedded chips is related to deficiencies in the authentication process when processing the securityModeCommand parameter. Exploiting this vulnerability allows a malicious actor to trigger a service failure by...
Why Continuous Security Testing is a Must for Organizations Today
The global cybersecurity market is flourishing. Experts at Gartner predict that the end-user spending for the information security and risk management market will grow from $172.5 billion in 2022 to $267.3 billion in 2026. One big area of spending includes the art of putting cybersecurity defense...
CVE-2022-22091
Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...
Imperva Is a Magic Quadrant Leader for Web Application and API Protection (again)
With the summer coming to a close we are now entering into “Magic Quadrant” season for the application security market and this means the latest edition of the 2022 Gartner® Magic Quadrant for Web and API Protection. Well, we are pleased with the result because once again Imperva has been...
Ubuntu: Security Advisory (USN-69-1)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-265-1)
The remote host is missing an update for the...
JSSLoader: the shellcode edition
The Malwarebytes Threat Intelligence team observed a malspam campaign in late June that we attribute to the FIN7 APT group. One of the samples was also reported on Twitter by Josh Trombley; during execution, it was observed to drop a secondary payload, written in .NET. Details about FIN7 campaign...
IT threat evolution in Q2 2022. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Quarterly figures Accordin...
Forecasting Metaverse Threats: Will it Become Metaworse?
This report shares threat predictions concerning a rapidly evolving area of the physical and digital world – the metaverse. We refine our definition of the metaverse, while identifying threats against it and inside it...
OESA-2022-1785 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
Friday Squid Blogging: Evolution of the Vampire Squid
Short article on the evolution of the vampire squid. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
SUSE SLES12 Security Update : mozilla-nspr, mozilla-nss (SUSE-SU-2022:2536-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2536-1 advisory. - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or...
Metasploit Weekly Wrap-Up
The past, present and future of Metasploit: Don't miss Spencer McIntyre's talk on Help Net Security's blog. Spencer is the Lead Security Researcher at Rapid7 and speaks about how Metasploit has evolved since its creation back in 2003. He also explains how the Framework is addressing today's...
Why Developers Hate Changing Language Versions
Progress powers technology forward. But progress also has a cost: by adding new capabilities and features, the developer community is constantly adjusting the building blocks. That includes the fundamental languages used to code technology solutions. When the building blocks change, the code behi...
evolution-ews bug fix and enhancement update
An update is available for evolution-ews. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The evolution-ews package allows Evolution to interact with Microsoft...
evolution-data-server bug fix and enhancement update
An update is available for evolution-data-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The evolution-data-server packages provide a unified back end f...
evolution-data-server bug fix and enhancement update
An update is available for evolution-data-server. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The evolution-data-server packages provide a unified back end f...
[Security Nation] Steve Micallef of SpiderFoot on Open-Source Intelligence
In this episode of Security Nation, Jen and Tod chat with Steve Micallef about SpiderFoot, the open-source intelligence tool of which he is the creato...