** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Yearly Archives: 2022
CVE-2020-36624
A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.
How Marvel’s Avengers inspire Pinsent Masons CISO to adapt cybersecurity hiring
Cybersecurity’s ongoing battle with a “skills shortage” has seen the sector lose its way regarding talent hiring and retention, says Christian Toon, CISO at London-based law firm Pinsent Masons. In an industry crying out for diversity and innovation, this year’s number one UK CSO 30 Awards winner says he takes inspiration from the Marvel Comics universe to challenge traditional HR approaches and more effectively recruit and keep security talent.
“We have what some describe as a war on talent, because you feel like you are fighting against the next organization for the greater good. I think we’ve kind of lost our way a little bit, both from a delegate or prospective employee perspective, but also from an employer’s perspective,” Toon says, speaking at the UK CSO 30 2022 Awards & Conference. The candidates are out there, he adds, but you have to change the traditional practices for hiring because if you always do what you always did, you’ll always get what you’ve always had.
UK Government: Sharing Some Passwords is Illegal
Ransomware Attack Hits The Guardian Newspaper
Researchers Develop AI-powered Malware Classification for 5G-enabled IIoT
A team of researchers came up with an ingenious method leveraging AI to detect and classify malware in IIoT devices.
ZDI-22-1687: Linux Kernel ksmbd Memory Exhaustion Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability.
ZDI-22-1688: Linux Kernel ksmbd Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability.
ZDI-22-1689: Linux Kernel ksmbd Out-Of-Bounds Read Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability.
ZDI-22-1690: Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability.