790 matches found
CVE-2022-36056
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
CVE-2022-36056
Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...
Facebook Has No Idea What Data It Has
This is from a court deposition: Facebooks stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022...
YouTube transparency report shows battle against misinformation
Statistics for YouTube community guidelines enforcement are now available for the period April to June 2022, via Googles Transparency Report. YouTube channels are terminated if they accrue three community guideline strikes in 90 days, have a case of severe abuse predatory behaviour, for example, ...
Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data
By Deeba Ahmed Sephora claims it respects consumer privacy and "strives to be transparent about how their personal information is used" to improve customer experience. This is a post from HackRead.com Read the original post: Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data...
CVE-2022-36947
Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow...
CVE-2022-36947
Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow...
The Family That Mined the Pentagon's Data for Profit
The Freedom of Information Act helps Americans learn what the government is up to. The Poseys exploited it—and became unlikely defenders of transparency...
Qualys Security Updates: Cloud Agent for Linux
The security and protection of our customers is of the utmost importance to Qualys, as is transparency whenever issues arise. A customer responsibly disclosed two scenarios related to the Qualys Cloud Agent: 1. For the first scenario, we added supplementary safeguards for signatures running on...
Why Cybersecurity Needs to be a Part of Your ESG
What is an ESG? Environmental, social, and corporate governance ESG documentation is a way to visualize and evaluate how an organization is working for the betterment of social goals and how that organization is responding to the cry for greener, more aware, and more responsible, sustainable...
Aflac Reduces Critical Vulnerabilities by 55% with Qualys VMDR 2.0 with TruRisk
The following is a guest blog by Aflac, a Qualys VMDR customer, on their recent experience completing a Proof of Concept project for the newly release VMDR 2.0 with Qualys TruRisk. About Aflac Aflac Inc. NYSE: AFL is an insurance leader and the largest provider of supplemental insurance in the...
Google Bringing the Android App Permissions Section Back to the Play Store
Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of...
transparencia.camarabelojardim.pe.gov.br Cross Site Scripting vulnerability OBB-2735207
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Twitter Fined $150 Million for Misusing Users' Data for Advertising Without Consent
Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission FTC to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty...
transparencia.camarabelojardim.pe.gov.br Cross Site Scripting vulnerability OBB-2619178
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
[SECURITY] Fedora 36 Update: chafa-1.8.0-4.fc36
Chafa is a command-line utility that converts all kinds of images, including animated image formats like GIFs, into ANSI/Unicode character output that can be displayed in a terminal. It is highly configurable, with support for alpha transparency and multiple color modes and color spaces, combinin...
Facebook phishers threaten users with Page Recovery Help Support
We’ve seen multiple hijacked profiles on Facebook recently claiming to be account recovery services. These bogus account recovery services arent here to help. Theyre actually just trying to scare users into falling for phishing attempts. The people behind these scams target Facebook pages belongi...
Google's New Safety Section Shows What Data Android Apps Collect About Users
Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user...
MITRE Engenuity ATT&CK Evaluation: InsightIDR Drives Strong Signal-to-Noise
Rapid7 is very excited to share the results of our participation in MITRE Engenuity’s latest ATT&CK Evaluation, which examines how adversaries abuse data encryption to exploit organizations. With this evaluation, our customers and the broader security community get a deeper understanding of how...