Security Headlines

US healthcare billing services group hacked, affecting at least half a million individuals

Adaptive Health Integrations (AHI) has been breached. Sensitive information was accessed, but it took months to make the incident public. The post US healthcare billing services group hacked, affecting at least half a million individuals appeared first on Malwarebytes Labs.

Malwarebytes
Over 50 countries sign the “Declaration for the Future of the Internet”

The US, EU member states, and other non-EU countries commit to this new internet declaration and encourage others to join. The post Over 50 countries sign the “Declaration for the Future of the Internet” appeared first on Malwarebytes Labs.

CVE-2022-29824: v2.9.14 · Tags · GNOME / libxml2

In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.

GHSA-9hr3-j9mc-xmq2: Path Traversal in com.alibaba.oneagent:one-java-agent-plugin

All versions of package `com.alibaba.oneagent:one-java-agent-plugin` are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. `../../evil.exe`). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.

CVE-2020-23620: GitHub - joaomatosf/jexboss: JexBoss: Jboss (and Java Deserialization Vulnerabilities) verify and EXploitation Tool

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.

New Regulations in India Require Orgs to Report Cyber Incidents Within 6 Hours

CERT-In updates cybersecurity rules to include mandatory reporting, record-keeping, and more.

6 Best Practices to Ensure Kubernetes Security Meets Compliance Regulations

Security must be precise enough to meet compliance requirements without impeding DevOps and developer productivity. Here's how to strike that balance.

Watch out for these 3 small business cybersecurity mistakes

Get your cyberprotection on the right footing by steering clear of these three cultural pitfalls. The post Watch out for these 3 small business cybersecurity mistakes appeared first on Malwarebytes Labs.