Fourteen detained as part of Europol operation
Monthly Archives: November 2022
Ireland’s DPC Fines Meta €265m Following Large-Scale Data Leak
The fine followed an inquiry into data processing by Meta in response to a major data breach
Experts Find 16,000+ Scam FIFA World Cup Domains
How to build a public profile as a cybersecurity pro
Cybersecurity professionals interested in raising their profiles as subject matter experts can count on social media to become more visible. With everyone being online, though, this may not be enough. CSO spoke to Forrester analyst Jinan Budge and cybersecurity professionals Katie Moussouris, Troy Hunt, Rachel Tobac, and Christina Morillo about their journeys and their tips for those who want to build their public profile.
Some of these professionals have been known for their work for more than two decades while others may have become more prominent in the last decade. But they have all seen and experienced the good and the bad.
Step 1: Define your cybersecurity area of expertise and what success means to you
Professionals can use many channels to share their knowledge: blogs, video content, tweets, etc. How a professional decides to share knowledge will vary, and it may not work on the first attempt, but one thing is key: be yourself and discuss a topic you are comfortable with and understand.
Web App and API Attacks Surge 257% in Financial Services
botan2-2.19.3-1.el9
FEDORA-EPEL-2022-8f2df2e1e2
Packages in this update:
botan2-2.19.3-1.el9
Update description:
Bump botan2 to 2.19.3 (RHBZ 2143417, 2143418)
FreeBSD-EN-22:28.heimdal
CVE-2022-24190
The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any user's picture frame, then send a POST request to accept their own bind request, without the end user's approval or interaction.
CVE-2022-24189
The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability is that an attacker can POST API calls with other users' unique identifiers and enumerate information on all other end users.
CVE-2022-24188
The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear text. The lack of session management and the presence of insecure direct object references allow password information for other end users' devices to be returned. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality.