SSRF vulnerability in VMware authentication software could allow access to user data

Jessica Haworth

18 January 2022 at 13:30 UTC

Updated: 18 January 2022 at 13:42 UTC

Post-authentication bug could enable an attacker to infiltrate a user account

A server-side request forgery (SSRF) vulnerability in versions of VMware authentication software could allow an attacker to obtain administrative JSON Web Tokens (JWT), researchers warn.

The SSRF bug was found in VMware Workspace ONE Access (previously known as Identity Manager), which provides multi-factor authentication, conditional access and single sign-on to SaaS, web, and native mobile apps.

The vulnerability (tracked as CVE-2021-22056), which was assigned a ‘moderate’ severity score of 5.5, could enable a

Tesla is rolling out software ‘fix’ to heat pump issue in cold weather, but some think it’s a hardware problem

Elon Musk announced that Tesla is starting to roll out a new over-the-air software update that includes a ‘fix’ to a heat pump issue that has been plaguing Tesla vehicles in cold-weather regions.

However, some are worried that it might need more than a software fix, as Tesla service centers have indicated to owners that it might be more of a hardware problem.

Last week, Electrek reported that Tesla owners are losing heat in extreme cold as some heat pumps are failing.

As we explained, it’s a problem that first emerged last winter with Tesla vehicles equipped with the automaker’s

Researchers discover ‘extremely easy’ 2FA bypass in Box cloud management software

Emma Woollacott

18 January 2022 at 14:01 UTC

Updated: 20 January 2022 at 14:22 UTC

Breaking the Box

Cloud management firm Box has moved to patch a flaw in its SMS-based multi-factor authentication (MFA), just weeks after its time-based one-time password (TOTP)-based MFA was found to have vulnerabilities too.

In a technical blog post today (January 18), Varonis Threat Labs outlined how the technique could allow an attacker to use stolen credentials to compromise an organization’s Box account and exfiltrate sensitive data without access to the victim’s phone.

“Once known, the vulnerability is extremely easy for an unsophisticated attacker

The Moto G Stylus (2022) may only get one major software upgrade

Motorola was previously rumored to be planning a mid-year release of the upcoming Moto G Stylus (2022). While some of the phone’s specifications were leaked late last year, indicating some improvements, a new report reveals a potentially significant drawback.

According to XDA Developers, the mid-range phone will run Android 11 out of the box. This means it will be one Android version behind some of the best Android phones under $200 such as the Moto G10 Power and the Moto G Fast (2021) by the time it launches. Motorola is set to roll out Android

Log4j flaw hunt shows how complicated the software supply chain really is

Open-source software is everywhere now, but the Log4j flaw that affects Java enterprise applications is a reminder of what can go wrong in the complicated modern software supply chain.

The challenge with the Log4j flaw (also known as Log4Shell) is not only that admins need to patch the flaw – which got a ‘critical’ rating of 10 out of 10 – but that IT folk can’t easily discover whether a product or system is affected by the vulnerability in the component. 

Google has calculated that approximately 17,000 Java packages in the Maven Central repository – the most significant Java package

Software engineer comes out of Broadway retirement to save 'Wicked' from cast shortage | TheHill

Carla Stickler is a software engineer living in Chicago. She received a call to fill in for the role of Elphaba in the Broadway show…

Activision goes to court to stop Call of Duty cheat software

Activision has filed a federal lawsuit against German cheat makers EngineOwning and associated individuals for “trafficking in technologies that circumvent or evade anti-cheat technologies used by Activision to protect the integrity of [Call of Duty] games.”

EngineOwning charges 13 euros per month or more for subscription access to individualized suites of cheating tools designed for Call of Duty games—and also Battlefield, Titanfall 2, and Star Wars Battlefront. The software promises abilities like automated aimbots, auto-firing triggerbots, “2D radar” that

The 3 Best Software Stocks to Buy in 2022 and Beyond

Software companies are some of the fastest-growing stocks in the tech sector for three simple reasons: Software is easier to distribute than hardware, it locks in customers with sticky subscriptions, and it’s on the front line of secular growth trends like artificial intelligence (AI), analytics, and automation.

However, software stocks can also be expensive, volatile, difficult to understand, and highly exposed to inflation and interest rate headwinds. So today, I’ll highlight three high-growth software stocks that are still worth buying even as many investors rotate toward safer blue-chip stalwarts.

1. Palantir

Palantir (NYSE:PLTR) provides data mining
