Read Time:8 Second
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
Monthly Archives: May 2022
CVE-2021-0153
Read Time:8 Second
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
CVE-2021-0126
Read Time:8 Second
Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
SEC Consult SA-20220512-0 :: Sandbox Escape with Root Access & Clear-text passwords in Konica Minolta bizhub MFP Printer Terminals
Read Time:18 Second
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 12
SEC Consult Vulnerability Lab Security Advisory < 20220512-0 >
=======================================================================
title: Sandbox Escape with Root Access & Clear-text passwords
product: Multiple Konica Minolta bizhub MFP Printer Terminals
vulnerable version: see vulnerable / tested versions below
fixed version: see solution section below
CVE number: CVE-2022-29586,…
Re: Defense in depth — the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe
Read Time:14 Second
Posted by Tavis Ormandy on May 12
They’re explaining that you need privileges to attack *other* users. I don’t
think anyone is disputing you can “attack” yourself.
I know, I know – we’ve had this discussion before, and nothing will
convince you that this isn’t a vulnerability 🙂
Tavis.
Oklahoma City Indian Clinic Data Breach Affects 40,000 Individuals
Read Time:3 Second
Investigation revealed unauthorized party accessed and possibly retained sensitive customer information
BrandPost: Deploy NDR to Modernize Your Cybersecurity Strategy
Read Time:33 Second
On March 21, the White House released a statement from President Biden regarding the nation’s cybersecurity, including recommendations for private companies. As the conflict in Ukraine continues, the president’s administration cited evolving intelligence that American organizations could face the ripple effects of cyberattacks sparked in Eastern Europe. While the statement addresses what the government will do to limit this impact, it also points out “the reality is that much of the Nation’s critical infrastructure is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely.”
Costa Rica Declares National Emergency Following Conti Cyber-Attack
Read Time:3 Second
The declaration came with IT systems across several ministries rendered unusable
USN-5420-1: Vorbis vulnerabilities
Read Time:11 Second
It was discovered that Vorbis incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
(CVE-2017-14160, CVE-2018-10392, CVE-2018-10393)
Smashing Security podcast #274: Hands off my biometrics, and a wormhole squirmish
Read Time:17 Second
Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole?
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.
And don’t miss our featured interview with Artur Kane of GoodAccess.