784 matches found

Openbugbounty
added 2023/02/21 9:51 p.m., 10 views

transparencia.ma.gov.br Cross Site Scripting vulnerability OBB-3201265

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

SUSE CVE
added 2023/02/15 5:45 a.m., 3 views

SUSE CVE-2012-3966

Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a negative height value in a BMP image within a...

10 CVSS, 9.2 AI score, 0.05194 EPSS
Exploits: 0, References: 8

SUSE CVE
added 2023/02/15 4:53 a.m., 3 views

SUSE CVE-2016-10218

The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file...

5.5 CVSS, 6.7 AI score, 0.01273 EPSS
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 4:53 a.m., 3 views

SUSE CVE-2016-10220

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module...

5.5 CVSS, 6.7 AI score, 0.01863 EPSS
Exploits: 1, References: 7

Rapid7 Blog
added 2023/02/07 7:40 p.m., 45 views

Rapid7 Recognized on Bloomberg Gender Equality Index, Continues Commitments to Support DEI

For the fifth year in a row, Rapid7 is pleased to share that we've been included in the Bloomberg Gender Equality Index. The Gender Equality Index (GEI) recognizes publicly traded companies for being transparent in their commitment to gender equality. This includes how they score in areas such as...

7 AI score
Exploits: 0

Filippo.io
added 2023/02/02 9:43 p.m., 31 views

I’m Now a Full-Time Professional Open Source Maintainer

or, "Holy shit, it works!" Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats (Go cryptography, transparency tooling, age, mkcert, yubikey-agent…), iterated on the model since September, and ...

6.7 AI score
Exploits: 0

Kitploit
added 2023/01/26 11:30 a.m., 46 views

GUAC - Aggregates Software Security Metadata Into A High Fidelity Graph Database

Note: GUAC is under active development - if you are interested in contributing, please look at contributor guide and the "express interest" issue. Graph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identiti...

7.5 AI score
Exploits: 0, References: 13

Openbugbounty
added 2023/01/23 6:1 p.m., 18 views

transparencia.camarabelojardim.pe.gov.br Cross Site Scripting vulnerability OBB-3166962

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

Microsoft Malware Protection
added 2022/12/19 6:0 p.m., 16 views

How to build a secure foundation for identity and access

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Christina Richmond, a...

0.1 AI score
Exploits: 0

Securelist
added 2022/11/25 8:0 a.m., 28 views

Who tracked internet users in 2021–2022

Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked devices collect data on you with the help of trackers installed on web pages or in software. The websites and services send...

1.2 AI score
Exploits: 0

Microsoft KB
added 2022/11/22 12:0 a.m., 7 views

November 22, 2022—KB5020032 (OS Build 20348.1311) Preview

November 22, 2022—KB5020032 (OS Build 20348.1311) Preview. NEW 12/22/22 IMPORTANT: After November 22, 2022, there are no more optional, non-security preview releases for Windows Server 2022. Only cumulative monthly security updates (known as the "B" or Update Tuesday release) will continue for Windows...

7.6 AI score
Exploits: 0

Microsoft Malware Protection
added 2022/11/10 5:0 p.m., 25 views

Simplify privacy protection with Microsoft Priva Subject Rights Requests

The General Data Protection Regulation (GDPR) came into effect in 2018 and set a new standard for the level of control individuals in the European Union had on the personal data they shared online. Since then, the number of privacy regulations around the world has flourished and impacted the privac...

6.8 AI score
Exploits: 0

Microsoft Secure
added 2022/11/10 5:0 p.m., 36 views

Simplify privacy protection with Microsoft Priva Subject Rights Requests

The General Data Protection Regulation (GDPR) came into effect in 2018 and set a new standard for the level of control individuals in the European Union had on the personal data they shared online. Since then, the number of privacy regulations around the world has flourished and impacted the privac...

6.8 AI score
Exploits: 0

The Hacker News
added 2022/10/27 10:15 a.m., 93 views

Apple iOS and macOS Flaw Could've Let Apps Eavesdrop on Your Conversations with Siri

A now-patched security flaw in Apple's iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said "an app may be able to record audio using a pair of connected AirPods," adding it addressed the Core Bluetooth issue...

0.6 AI score, 0.01136 EPSS
Exploits: 0

NVD
added 2022/09/14 8:15 p.m., 16 views

CVE-2022-36056

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...

5.5 CVSS, 0.00145 EPSS
Exploits: 1, References: 2

OSV
added 2022/09/14 7:50 p.m., 21 views

CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...

5.5 CVSS, 5.7 AI score, 0.00145 EPSS
Exploits: 1, References: 4

Debian CVE
added 2022/09/14 7:50 p.m., 4 views

CVE-2022-36056

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...

5.5 CVSS, 5.8 AI score, 0.00145 EPSS
Exploits: 1

Schneier on Security
added 2022/09/08 3:14 p.m., 12 views

Facebook Has No Idea What Data It Has

This is from a court deposition: Facebook's stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022...

1.1 AI score
Exploits: 0

Malwarebytes
added 2022/09/07 1:0 p.m., 15 views

YouTube transparency report shows battle against misinformation

Statistics for YouTube community guidelines enforcement are now available for the period April to June 2022, via Google's Transparency Report. YouTube channels are terminated if they accrue three community guideline strikes in 90 days, have a case of severe abuse predatory behaviour, for example, ...

0.5 AI score
Exploits: 0

HackRead
added 2022/09/01 12:20 p.m., 16 views

Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data

By Deeba Ahmed. Sephora claims it respects consumer privacy and "strives to be transparent about how their personal information is used" to improve customer experience. This is a post from HackRead.com. Read the original post: Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data...

2.3 AI score
Exploits: 0