Security News > 2022 > August > Week in review: Spot deep-faked job candidates, data exfiltration via bookmarks, Patch Tuesday forecast
Browser synchronization abuse: Bookmarks as a covert data exfiltration channelTwo universal and seemingly innocuous browser features - the ability to create bookmarks and browser synchronization - make users' lives easier, but may also allow hackers to establish a covert data exfiltration channel.
6 ways your cloud data security policies are slowing innovation - and how to avoid thatAs practically every organization shifts from managing their data in network-based data centers to storing it in the cloud, cloud data security policies are created to secure this data in a cloud environment.
VMware: Patch this critical vulnerability immediately!The security researcher who reported CVE-2022-31656 is planning to release a technical writeup and a POC "Soon".
MI-X: Open source project helps you understand whether you are exploitableIn this Help Net Security video, Ofri Ouzan, Security Researcher at Rezilion, talks about MI-X, an open source tool aimed at effectively determining whether a local host or a running container image is truly vulnerable to a specific vulnerability by accounting for all factors which affect actual exploitability.
Now is the time to focus on software supply chain security improvementsIn this Help Net Security video, Kevin Bocek, VP of Security Strategy and Threat Intelligence, Venafi, discusses how CIOs are becoming increasingly concerned about the serious business disruptions, revenue loss, data theft, and customer damage that can result from successful software supply chain attacks.
Machine learning creates a new attack surface requiring specialized defensesIn this interview for Help Net Security, Christopher Sestito, CEO of HiddenLayer, talks about machine learning security considerations, and the related threats organizations should be worried about.
News URL
Related news
- April 2024 Patch Tuesday forecast: New and old from Microsoft (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- May 2024 Patch Tuesday forecast: A reminder of recent threats and impact (source)
- Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast (source)
- Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws (source)
- May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-05 | CVE-2022-31656 | Unspecified vulnerability in VMWare products VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |