Afternoon Dessert – 2022-12-13


Welcome to another Afternoon Dessert breakout:

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability
A critical security flaw has been disclosed in Amazon Elastic Container Registry (ECR) Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin.
“By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code,” Gafnit

Citrix fixes critical ADC and Gateway zero-day exploited in attacks
Citrix is strongly urging admins to apply security updates for an actively exploited ‘Critical’ zero-day vulnerability in Citrix ADC and Gateway that allows a remote attacker to take control of a device. […]

Amazon ECR Public Gallery flaw could have wiped or poisoned any image
A severe security flaw in the Amazon ECR (Elastic Container Registry) Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts. […]

New GoTrim botnet brute forces WordPress site admin accounts
A new Go-based botnet malware named ‘GoTrim’ is scanning the web for self-hosted WordPress websites and attempting to brute force the administrator’s password and take control of the site. […]

Pwn2Own Toronto: 54 hacks, 63 new bugs, $1 million in bounties
That’s a mean average of $15,710 per bug… and 63 fewer bugs out there for crooks and rogues to find.

COVID-bit: the wireless spyware trick with an unfortunate name
It’s not the switching that’s the problem, it’s the switching of the switching!

Google releases dev tool to list vulnerabilities in project dependencies
Google has launched OSV Scanner, a new tool that allows developers to scan for vulnerabilities in open-source software dependencies used in their project. […]

Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws
Today is Microsoft’s December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. […]

Windows 10 KB5021233 and KB5021237 updates released
Microsoft has released the Windows 10 KB5021233 and KB5021237 cumulative updates for versions 22H2, 21H2, 21H1, and 1809 to fix security vulnerabilities and resolve twenty bugs and performance issues. […]
