Extra, Extra, Vert Reads All About It: Cybersecurity News For The Week Of August 29, 2022 – Security Boulevard

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022 – Security Boulevard

The Home of the Security Bloggers Network
Home » Cybersecurity » Cloud Security » Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29th, 2022. I’ve also included some comments on these stories.
The WordPress team this week announced the release of version 6.0.2 of the content management system (CMS), notes Security Week, with patches for three security bugs, including a high-severity SQL injection vulnerability.
“The content management system is subject to a SQL injection vulnerability. The issue exists in the WordPress Link functionality and usually affects older versions of WordPress. The functionality is disabled in newer versions of WordPress by default. The vulnerability exists because of improper sanitization of the limit argument of the link retrieval query in the get_bookmarks function. This vulnerability is patched in WordPress 6.0.2 and later.”
Security researchers are raising the alarm about mobile app developers relying on insecure practices that expose Amazon Web Services (AWS) credentials, making the supply chain vulnerable, Bleeping Computer reports.
“Both iOS and Android apps have exposed AWS credentials. With these credentials an attacker could gain access to databases or other services. It was estimated that 77% of the applications contained AWS tokens that could be used to access private cloud services. The security researchers noted that about 874 applications contained valid credentials that could be used to access database records that potentially contain sensitive personal information.”
Microsoft on Wednesday disclosed details of a now-patched “high severity vulnerability” in the TikTok app for Android that could (Read more…)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Andrew Swoboda. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-news/vert-cybersecurity-news-august-29-2022/
More Webinars
Security Boulevard Logo White
Dmca
Blog Ad 770X330 1 2

source


Leave a Comment

Leave a Reply

Your email address will not be published.

GAO: Comprehensive Strategy Needed to Overcome Cyber Threats – HS Today – HSToday

IOTW: Hacker allegedly hits both Uber and Rockstar | Cyber Security Hub – Cyber Security Hub

New Whistic VP Jake Bernardes says transparency is the key for businesses to strengthen cybersecurity – Business Wire

Cybersecurity agencies reveal last year’s top malware strains – BleepingComputer