Customer and Employee Data the Top Prize for Hackers – Imperva
Customer and employee data accounts for almost half of all stolen data, while credit cards and passwords see a decline
Applications Five Years or Older Likely to have Security Flaws
Veracode’s 2023 State of Software Security Report is focused on flaw introduction
Over 100 CVEs Addressed in First Patch Tuesday of 2023
Microsoft's January Patch Tuesday resolved over 100 CVEs, including an actively exploited zero day
Improve your AWS security posture, Step 2: Avoid direct internet access to AWS resources
In the first blog in this series, we discussed setting up IAM properly. Now we’re moving on to the second step, avoiding direct internet access...
Timeline of the latest LastPass data breaches
On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service. While LastPass claims...
CVE-2012-10004
A vulnerability was found in backdrop-contrib Basic Cart. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation...
USN-5799-1: Linux kernel (OEM) vulnerability
Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a...
DSA-5314 emacs – security update
It was discovered that missing input sanitising in the ctags functionality of Emacs may result in the execution of arbitrary shell commands.
DSA-5315 libxstream-java – security update
XStream serializes Java objects to XML and back again. Versions prior to 1.4.15-3+deb11u2 may allow a remote attacker to terminate the application with a stack...
DSA-5316 netty – security update
Several out-of-memory, stack overflow or HTTP request smuggling vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework, which may allow attackers to...