Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
Vendor: NXP Semiconductors
Vendor URL: https://www.nxp.com
Affected Devices: i.MX RT 101x, i.MX RT102x, i.MX RT1050/6x, i.MX 6 Family, i.MX 7 Family, i.MX8M Quad/Mini, Vybrid
Author: Jon Szymaniak
CVE: CVE-2022-45163
Advisory URL: https://community.nxp.com/t5/Known-Limitations-and-Guidelines/SDP-Read-Bypass-CVE-2022-45163/ta-p/1553565
Risk: 5.3...
MITRE Engenuity Launches Evaluations for Security Service Providers
A new set of evaluations for managed security service providers that MITRE Engenuity has released can potentially give enterprise decision-makers a handy resource to consult when selecting a provider....
China-Based Billbug APT Infiltrates Certificate Authority
The state-sponsored cyberattack group known as Billbug managed to compromise a digital certificate authority (CA) as part of an wide-ranging espionage campaign that stretched back to March — a...
Iranian hackers use Log4Shell to mine crypto on federal computer system
Written by AJ Vicens Nov 16, 2022 |...
Ukraine’s ‘IT Army’ Stops 1,300 Cyberattacks in 8 Months of War
Ukrainian President Volodymyr Zelensky spoke to the G20 Summit's "Digital Transformation" panel this week, offering the benefits of his embattled country's cyber-defense experience to G20-allied countries. Zelensky noted that...
FTX hacker is now the 35th largest holder of ETH
The hacker that exploited the now-bankrupt FTX exchange last week made a tidy fortune that has propelled them to Ether (ETH) whale status.Just a day after the embattled FTX...
Wipermania: Malware Remains a Potent Threat, 10 Years Since ‘Shamoon’
Destructive wiper malware has evolved very little since the "Shamoon" virus crippled some 30,000 client and server systems at Saudi Aramco more than 10 years ago. Yet it remains as...
Andy Greenberg on how ‘Tracers in the Dark’ found the dark web’s worst criminals
Written by Tonya Riley Nov 15, 2022 |...
Infrastructure as Code Security and AppSec: Streamlined DevSecOps From App to Infra
Infrastructure as code (IaC) has fundamentally changed the way we build and manage infrastructure. By transforming cloud resources and their configurations into code, IaC allows us to store, version...
Neosec Introduces Automated Tokenization to Enable Full API Visibility Without Exposure of Sensitive Data
PALO ALTO, Calif., Nov. 15, 2022 /PRNewswire/ — Neosec, the pioneer in discovering and identifying API threats using behavioral analytics, today announced that it now tokenizes API activity data to...
