Lucene search
K

790 matches found

NVD
NVD
added 2022/09/14 8:15 p.m.16 views

CVE-2022-36056

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...

5.5CVSS0.00145EPSS
Exploits1References2
OSV
OSV
added 2022/09/14 7:50 p.m.21 views

CVE-2022-36056 Vulnerabilities with blob verification in sigstore cosign

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...

5.5CVSS5.7AI score0.00145EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2022/09/14 7:50 p.m.4 views

CVE-2022-36056

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. In versions prior to 1.12.0 a number of vulnerabilities have been found in cosign verify-blob, where Cosign would successfully verify an artifact when verification should have failed. First...

5.5CVSS5.8AI score0.00145EPSS
Exploits1
Schneier on Security
Schneier on Security
added 2022/09/08 3:14 p.m.12 views

Facebook Has No Idea What Data It Has

This is from a court deposition: Facebooks stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022...

1.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/07 1:0 p.m.17 views

YouTube transparency report shows battle against misinformation

Statistics for YouTube community guidelines enforcement are now available for the period April to June 2022, via Googles Transparency Report. YouTube channels are terminated if they accrue three community guideline strikes in 90 days, have a case of severe abuse predatory behaviour, for example, ...

0.5AI score
Exploits0
HackRead
HackRead
added 2022/09/01 12:20 p.m.17 views

Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data

By Deeba Ahmed Sephora claims it respects consumer privacy and "strives to be transparent about how their personal information is used" to improve customer experience. This is a post from HackRead.com Read the original post: Sephora Fined $1.2 Million for Breaching CCPA and Selling User Data...

2.3AI score
Exploits0
OSV
OSV
added 2022/08/18 9:15 p.m.3 views

CVE-2022-36947

Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow...

9.8CVSS5.9AI score0.02046EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/18 9:15 p.m.4 views

CVE-2022-36947

Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow...

9.8CVSS6.2AI score0.02046EPSS
Exploits0References4
Wired Threat Level
Wired Threat Level
added 2022/08/18 10:0 a.m.25 views

The Family That Mined the Pentagon's Data for Profit

The Freedom of Information Act helps Americans learn what the government is up to. The Poseys exploited it—and became unlikely defenders of transparency...

2.5AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/08/15 3:0 p.m.27 views

Qualys Security Updates: Cloud Agent for Linux

The security and protection of our customers is of the utmost importance to Qualys, as is transparency whenever issues arise. A customer responsibly disclosed two scenarios related to the Qualys Cloud Agent: 1. For the first scenario, we added supplementary safeguards for signatures running on...

6.7AI score0.00369EPSS
Exploits0
Imperva Blog
Imperva Blog
added 2022/08/09 11:37 a.m.22 views

Why Cybersecurity Needs to be a Part of Your ESG

What is an ESG? Environmental, social, and corporate governance ESG documentation is a way to visualize and evaluate how an organization is working for the betterment of social goals and how that organization is responding to the cry for greener, more aware, and more responsible, sustainable...

0.6AI score
Exploits0
Qualys Blog
Qualys Blog
added 2022/07/26 11:0 a.m.27 views

Aflac Reduces Critical Vulnerabilities by 55% with Qualys VMDR 2.0 with TruRisk

The following is a guest blog by Aflac, a Qualys VMDR customer, on their recent experience completing a Proof of Concept project for the newly release VMDR 2.0 with Qualys TruRisk. About Aflac Aflac Inc. NYSE: AFL is an insurance leader and the largest provider of supplemental insurance in the...

0.5AI score
Exploits0
The Hacker News
The Hacker News
added 2022/07/22 9:19 a.m.42 views

Google Bringing the Android App Permissions Section Back to the Play Store

Google on Thursday said it's backtracking on a recent change that removed the app permissions list from the Google Play Store for Android across both the mobile app and the web. "Privacy and transparency are core values in the Android community," the Android Developers team said in a series of...

0.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/07/06 12:33 p.m.18 views

transparencia.camarabelojardim.pe.gov.br Cross Site Scripting vulnerability OBB-2735207

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/05/26 8:3 a.m.26 views

Twitter Fined $150 Million for Misusing Users' Data for Advertising Without Consent

Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission FTC to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty...

0.5AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/05/16 7:46 a.m.13 views

transparencia.camarabelojardim.pe.gov.br Cross Site Scripting vulnerability OBB-2619178

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
Fedora
Fedora
added 2022/05/16 1:9 a.m.36 views

[SECURITY] Fedora 36 Update: chafa-1.8.0-4.fc36

Chafa is a command-line utility that converts all kinds of images, including animated image formats like GIFs, into ANSI/Unicode character output that can be displayed in a terminal. It is highly configurable, with support for alpha transparency and multiple color modes and color spaces, combinin...

5.5CVSS5.5AI score0.0085EPSS
Exploits1
Malwarebytes
Malwarebytes
added 2022/04/28 2:11 p.m.17 views

Facebook phishers threaten users with Page Recovery Help Support

We’ve seen multiple hijacked profiles on Facebook recently claiming to be account recovery services. These bogus account recovery services arent here to help. Theyre actually just trying to scare users into falling for phishing attempts. The people behind these scams target Facebook pages belongi...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2022/04/27 12:9 p.m.18 views

Google's New Safety Section Shows What Data Android Apps Collect About Users

Google on Tuesday officially began rolling out a new "Data safety" section for Android apps on the Play Store to highlight the type of data being collected and shared with third-parties. "Users want to know for what purpose their data is being collected and whether the developer is sharing user...

7AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/03/31 7:59 p.m.17 views

MITRE Engenuity ATT&CK Evaluation: InsightIDR Drives Strong Signal-to-Noise

Rapid7 is very excited to share the results of our participation in MITRE Engenuity’s latest ATT&CK Evaluation, which examines how adversaries abuse data encryption to exploit organizations. With this evaluation, our customers and the broader security community get a deeper understanding of how...

7AI score
Exploits0
Rows per page
Query Builder