vulnerability – Page 15 – PossibleThreat Articles

Security Sophos

Firefox fixes fullscreen fakery flaw – get the update now!

November 16, 2022 0 Comments firefox, Mozilla, Patch, vulnerability

Credit to Author: Paul Ducklin| Date: Wed, 16 Nov 2022 17:51:21 +0000

What’s so bad about a web page going fullscreen without warning you first?

Security Sophos

Log4Shell-like code execution hole in popular Backstage dev tool

November 15, 2022 0 Comments vulnerability

Credit to Author: Paul Ducklin| Date: Tue, 15 Nov 2022 17:49:49 +0000

Researchers at cloud coding security company Oxeye have written up a critical bug that they recently discovered in the popular cloud development toolkit Backstage. Their report includes an explanation of how the bug works, plus proof-of-concept (PoC) code showing how to exploit it. Backstage is what’s known as a cloud developer portal – a sort […]

Security Sophos

S3 Ep108: You hid THREE BILLION dollars in a popcorn tin?

November 10, 2022 0 Comments bust, cryptocurrency, Exploit, Law & order, Microsoft, Naked Security Podcast, Patch Tuesday, Podcast, Privacy, vulnerability, Windows

Credit to Author: Paul Ducklin| Date: Thu, 10 Nov 2022 17:26:34 +0000

Patches, busts, leaks and why even low-likelihood exploits can be high-severity risks – listen now!

Security Sophos

Emergency code execution patch from Apple – but not an 0-day

November 9, 2022 0 Comments Apple, cve-2022-40303, cve-2022-40304, iOS, OS X, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 10 Nov 2022 01:49:12 +0000

Not a zero-day, but important enough for a quick-fire patch to one system library…

Security Sophos

Exchange 0-days fixed (at last) – plus 4 brand new Patch Tuesday 0-days!

November 9, 2022 0 Comments 0 day, exchange, Exploit, Microsoft, Patch Tuesday, Privacy, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Wed, 09 Nov 2022 17:58:37 +0000

In all the excitement, we kind of lost count ourselves. Were there six 0-days, or only four?

Security Sophos

S3 Ep107: Eight months to kick out the crooks and you think that’s GOOD? [Audio + Text]

November 3, 2022 0 Comments Apple, bust, Cybercrime, cyberextortion, data breach, data loss, Google, heartbleed, Law & order, malware, Naked Security Podcast, OpenSSL, Patches, Podcast, Privacy, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 03 Nov 2022 17:51:27 +0000

Listen now – latest episode – audio plus full transcript

Security Sophos

The OpenSSL security update story – how can you tell what needs fixing?

November 2, 2022 0 Comments Cryptography, cve-2022-3602, cve-2022-378, OpenSSL, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 03 Nov 2022 00:44:19 +0000

How to Hack! Finding OpenSSL library files and accurately identifying their version numbers…

Security Sophos

OpenSSL patches are out – CRITICAL bug downgraded to HIGH, but patch anyway!

November 1, 2022 0 Comments Cryptography, cve-2022-3602, cve-2022-3786, OpenSSL, vulnerability, vulneravility

Credit to Author: Paul Ducklin| Date: Tue, 01 Nov 2022 17:24:07 +0000

That bated-breath OpenSSL update is out! It’s no longer rated CRITICAL, but we advise you to patch ASAP anyway. Here’s why…

Security Sophos

SHA-3 code execution bug patched in PHP – check your version!

November 1, 2022 0 Comments cryptograhpy, Cryptography, cve-2022-37454, php, sha-3, vulnerability

Credit to Author: Paul Ducklin| Date: Tue, 01 Nov 2022 14:09:10 +0000

As everyone waits for news of a bug in OpenSSL, here’s a reminder that other cryptographic code in your life may also need patching!

Security Sophos

Chrome issues urgent zero-day fix – update now!

October 29, 2022 0 Comments 0 day, chrome, chromium, cve-2022-3723, Edge, Exploit, Google, Google Chrome, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Sat, 29 Oct 2022 15:08:55 +0000

We’ve said it before/And we’ll say it again/It’s not *if* you should patch/It’s a matter of *when*. (Hint: now!)