π΄ Google Docs Comments Weaponized in New Phishing Campaign π΄
π Read
via "Dark Reading".
Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links.π Read
via "Dark Reading".
Dark Reading
Google Docs Comments Weaponized in New Phishing Campaign
Attackers use the comment feature in Google Docs to email victims and lure them into clicking malicious links.
βΌ CVE-2021-25743 βΌ
π Read
via "National Vulnerability Database".
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21664 βΌ
π Read
via "National Vulnerability Database".
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21661 βΌ
π Read
via "National Vulnerability Database".
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21663 βΌ
π Read
via "National Vulnerability Database".
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21662 βΌ
π Read
via "National Vulnerability Database".
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
π΄ Enterprises Worry About Increased Data Risk in Cloud π΄
π Read
via "Dark Reading".
The 2021 Strategic Security Survey highlights concerns related to the cloud environment, such as the ability to detect breaches and the increasing number of attacks against cloud systems.π Read
via "Dark Reading".
Dark Reading
Enterprises Worry About Increased Data Risk in Cloud
The 2021 Strategic Security Survey highlights concerns related to the cloud environment, such as the ability to detect breaches and the increasing number of attacks against cloud systems.
ποΈ Internet Bug Bounty: High severity vulnerability in Apache HTTP Server could lead to RCE ποΈ
π Read
via "The Daily Swig".
Buffer overflow flaw should be patched immediatelyπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Internet Bug Bounty: High severity vulnerability in Apache HTTP Server could lead to RCE
Buffer overflow flaw should be patched immediately
π΄ 7 Predictions for Global Energy Cybersecurity in 2022 π΄
π Read
via "Dark Reading".
Increased digitization makes strong cybersecurity more important than ever.π Read
via "Dark Reading".
Dark Reading
7 Predictions for Global Energy Cybersecurity in 2022
Increased digitization makes strong cybersecurity more important than ever.
β Log4J-Related RCE Flaw in H2 Database Earns Critical Rating β
π Read
via "Threat Post".
Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.π Read
via "Threat Post".
Threat Post
Log4J-Related RCE Flaw in H2 Database Earns Critical Rating
Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.
ποΈ Latest WordPress security release fixes XSS, SQL injection bugs ποΈ
π Read
via "The Daily Swig".
Quartet of software flaws addressed ahead of next major release of popular CMSπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Latest WordPress security release fixes XSS, SQL injection bugs
Quartet of software flaws addressed ahead of next major release of popular CMS
ποΈ Researchers discover Log4j-like flaw in H2 database console ποΈ
π Read
via "The Daily Swig".
Impact of JNDI bug mitigated by vulnerable behavior being disabled by defaultπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researchers discover Log4j-like flaw in H2 database console
Impact of JNDI bug mitigated by vulnerable behavior being disabled by default
β QNAP: Get NAS Devices Off the Internet Now β
π Read
via "Threat Post".
There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.π Read
via "Threat Post".
Threat Post
QNAP: Get NAS Devices Off the Internet Now
There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.
β S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript] β
π Read
via "Naked Security".
We're back for 2022 - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep64: Log4Shell again, scammers keeping busy, and Apple Home bug [Podcast + Transcript]
Weβre back for 2022 β listen now!
β Log4Shell-like security hole found in popular Java SQL database engine H2 β
π Read
via "Naked Security".
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.π Read
via "Naked Security".
Naked Security
Log4Shell-like security hole found in popular Java SQL database engine H2
βItβs Log4Shell, Jim, but not as we know it.β How to find and fix a JNDI-based vuln in the H2 Database Engine.
π¦Ώ Norton 360 wants to pay you a pittance to mine Ethereum cryptocurrency π¦Ώ
π Read
via "Tech Republic".
The new opt-in feature turns your idle PC into a cryptominer, with Norton skimming 15% off the top, plus market fees.π Read
via "Tech Republic".
TechRepublic
Norton 360 wants to pay you a pittance to mine Ethereum cryptocurrency
The new opt-in feature turns your idle PC into a cryptominer, with Norton skimming 15% off the top, plus market fees.
π΄ How to Proactively Limit Damage From BlackMatter Ransomware π΄
π Read
via "Dark Reading".
Logic flaw exists in malware that can be used to prevent it from encrypting remote shares, security vendor says.π Read
via "Dark Reading".
Dark Reading
How to Proactively Limit Damage From BlackMatter Ransomware
Logic flaw exists in malware that can be used to prevent it from encrypting remote shares, security vendor says.
π FTC Settles with Financial Firm Following Mortgage File Breach π
π Read
via "".
A recently finalized settlement will require the company maintain proper data security safeguards and undergo periodic audits.π Read
via "".
Digital Guardian
FTC Settles with Financial Firm Following Mortgage File Breach
A recently finalized settlement will require the company maintain proper data security safeguards and undergo periodic audits.
β 3.7M FlexBooker Records Dumped on Hacker Forum β
π Read
via "Threat Post".
Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum.π Read
via "Threat Post".
Threat Post
3.7M FlexBooker Records Dumped on Hacker Forum
Attackers are trading millions of records from a trio of pre-holiday breaches on an online forum.
π Friday Five 1/7 π
π Read
via "".
A scientist pleads guilty to stealing trade secret data, a new proof-of-concept iPhone Trojan, and more - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 1/7
A scientist pleads guilty to stealing trade secret data, a new proof-of-concept iPhone Trojan, and more - catch up on the infosec news of the week with the Friday Five!
π’ The scariest security horror stories of 2021 π’
π Read
via "ITPro".
A crisis at Microsoft, the ransomware resurgence, and endless zero-days dominated headlinesπ Read
via "ITPro".
ITPro
The scariest security horror stories of 2021
A crisis at Microsoft, the ransomware resurgence, and endless zero-days dominated headlines