A vulnerability classified as problematic was found in Oracle Java SE 8u341/8u345-perf/11.0.16.1/17.0.4.1/19. This vulnerability affects unknown code of the component JNDI. The manipulation leads to an unknown weakness.
This vulnerability was named CVE-2022-21624. The attack can be initiated remotely. There is no exploit available.
A vulnerability was found in Oracle Java SE 21.3.3/22.2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the component JGSS. The manipulation leads to an unknown weakness.
This vulnerability is handled as CVE-2022-21618. The attack may be launched remotely. There is no exploit available.
A vulnerability, which was classified as problematic, has been found in Oracle Java SE 8u341/8u345-perf/11.0.16.1/17.0.4.1/19. This issue affects some unknown processing of the component Security. The manipulation leads to an unknown weakness.
The identification of this vulnerability is CVE-2022-21619. The attack may be initiated remotely. There is no exploit available.
A vulnerability, which was classified as critical, has been found in HashiCorp Shared Library up to 1.7.3. Affected by this issue is some unknown functionality of the component go-getter. The manipulation leads to command injection.
This vulnerability is handled as CVE-2024-6257. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability, which was classified as problematic, was found in SchedMD Slurm up to 21.08.x. Affected is an unknown function. The manipulation leads to information disclosure.
This vulnerability is traded as CVE-2022-29500. The attack needs to be done within the local network. There is no exploit available.
A vulnerability has been found in SchedMD Slurm up to 21.08.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2022-29501. The attack needs to be initiated within the local network. There is no exploit available.
A vulnerability was found in SchedMD Slurm up to 21.08.x. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2022-29502. The attack can only be initiated within the local network. There is no exploit available.
A vulnerability classified as critical was found in sysstat up to 12.7.0 on 32-bit. Affected by this vulnerability is the function allocate_structures of the file sa_common.c. The manipulation leads to buffer overflow.
This vulnerability is known as CVE-2022-39377. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
Scrutiny Over Ethics of Profit-Sharing Prompts End to Cyberstarts CISO Compensation
Allegations of conflicts of interest in Cyberstarts’ Sunrise program have sparked debate in the CISO community. While the program connected CISOs with startups for advisory purposes, its profit-sharing incentives drew criticism, leading some participants to resign and the firm to halt compensation.
Also: Anticipating Donald Trump's Second Term; a Surprising Cybersecurity Merger
In the latest weekly update, ISMG editors explored the growing threat of disrupted ransomware attacks as a public health crisis, the potential global impact of Donald Trump's second presidential term, and the implications of the latest big merger in the cybersecurity market.
Researchers Find Exploitable Flaws in the OvrC Platform
Security flaws in a cloud platform for remotely configuring and monitoring Internet of Things gadgets could expose millions of devices to remote code execution hacks. Security researchers at Claroty's Team82 uncovered 10 vulnerabilities in the widely used OvrC cloud platform.
Trump Administration Picks May Test Bipartisan Support for Cybersecurity Agency
Newly empowered Republicans in U.S. president-elect Donald Trump's orbit appear slated to enact far-reaching changes to the federal cyber defense agency, with one senator pledging to act on his long-standing enmity to the Cybersecurity and Infrastructure Security Agency.
Health System's Cyberattack Affected More Than 235,000 Patients, Employees, Others
A New York state court has approved a preliminary $1.5 million settlement of a consolidated proposed class action lawsuit against One Brooklyn Health System following a November 2022 cyberattack that involved theft of sensitive health data belonging to more than 235,000 people.