The Daily Swig

Spring Data MongoDB hit by another critical SpEL injection flaw

This vulnerability was discovered by Zewei Zhang from NSFOCUS TIANJI Lab, who reported the issue on June 13, 2022. Spring released patched versions of Spring Data MongoDB, 3.4.1 and 3.3.5, only seven days later, on June 20.

Australia’s Monash University launches public bug bounty program

In-scope targets include the main Monash University web domain and mobile apps, along with various technologies that are used by the institution, including its VPN and FileShare instances.

Cyber Europe 2022: EU completes large-scale cyber war game exercise

Cyber Europe 2022 involved more than 800 cybersecurity specialists from 29 countries in the EU and the European Free Trade Area (EFTA), as well as EU institutions and agencies.

Mattax Neu Prater Eye Center Suffers Data Breach Impacting 92,000 Patients

Mattax Neu Prater Eye Center announced the breach at the end of June; however, the incident took place in December 2021. According to HIPAA, 92,361 individuals were impacted by the breach.

GitLab patches critical RCE bug in latest security release

The security issue, which has been rated as critical, has been discovered in all versions of GitLab, starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1.

Chromium browsers vulnerable to dangling markup injection

A recently patched security hole in Chromium browsers allowed attackers to bypass safeguards against ‘dangling markup injection’, an attack that extracts sensitive information from webpages.

Ready Meal Distributor Apetito Restores Limited Deliveries in UK Following Cyberattack

The impacted arm of Apetito in the U.K. delivers ready meals to hospitals, care homes, schools, childcare facilities, and the homes of vulnerable people across the west of England.

Researcher Bypasses Trusted Types Protection Mechanism in Google Chrome

The vulnerability was demonstrated in Chrome v100.0.4892.0 (Official Build) canary (64-bit). Other versions of Chrome and other browsers may be vulnerable, but this has not been tested.

Severe Parse Server bug impacts Apple Game Center

Tracked as CVE-2022-31083 and issued a CVSS severity score of 8.6, the security issue is described as a scenario in which the authentication adapter for Apple Game Center’s security certificate is not validated.

One in every 13 incidents blamed on API insecurity – report

The study, conducted by the Marsh McLennan Cyber Risk Analytics Center and based on an analysis of nearly 117,000 incidents, found that larger organizations were statistically more likely to have a greater preponderance of API-related incidents.
