‼ CVE-2022-21900 ‼
via "National Vulnerability Database".
Windows Hyper-V Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-21905.
‼ CVE-2022-21929 ‼
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21930, CVE-2022-21931.
‼ CVE-2022-21963 ‼
via "National Vulnerability Database".
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962.
‼ CVE-2022-21887 ‼
via "National Vulnerability Database".
Win32k Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21882.
‼ CVE-2022-21875 ‼
via "National Vulnerability Database".
Windows Storage Elevation of Privilege Vulnerability.
‼ CVE-2022-21964 ‼
via "National Vulnerability Database".
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability.
‼ CVE-2022-21911 ‼
via "National Vulnerability Database".
.NET Framework Denial of Service Vulnerability.
‼ CVE-2022-21930 ‼
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21929, CVE-2022-21931.
‼ CVE-2022-21880 ‼
via "National Vulnerability Database".
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21915.
‼ CVE-2022-21891 ‼
via "National Vulnerability Database".
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability.
‼ CVE-2022-21896 ‼
via "National Vulnerability Database".
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21902.
‼ CVE-2022-21834 ‼
via "National Vulnerability Database".
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability.
‼ CVE-2022-21893 ‼
via "National Vulnerability Database".
Remote Desktop Protocol Remote Code Execution Vulnerability.
🔴 Kiteworks Acquires Email Encryption Leader totemo 🔴
via "Dark Reading".
Further closes intelligence gap inhibiting companies from tracking and controlling private content communications.
🔴 Microsoft Kicks Off 2022 With 96 Security Patches 🔴
via "Dark Reading".
Nine of the Microsoft patches released today are classified as Critical, 89 are Important, and six are publicly known.
🔴 Let's Play! Raising the Stakes for Threat Modeling With Card Games 🔴
via "Dark Reading".
On a recent Friday night, three security experts got together to play custom games that explore attack risks in an engaging way.
‼ CVE-2022-0087 ‼
via "National Vulnerability Database".
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Who is the Network Access Broker “Wazawaka?”
via "Krebs on Security".
In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.
‼ CVE-2022-0159 ‼
via "National Vulnerability Database".
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
‼ CVE-2022-0179 ‼
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Access Control.
Moodle e-learning platform patches session hijack bug that led to pre-auth RCE
via "The Daily Swig".
Researchers disclose second critical flaw in authentication plugin.