π΄ Microsoft Kicks Off 2022 With 96 Security Patches π΄
π Read
via "Dark Reading".
Nine of the Microsoft patches released today are classified as critical, 89 are Important, and six are publicly known.π Read
via "Dark Reading".
Dark Reading
Microsoft Kicks Off 2022 With 96 Security Patches
Nine of the Microsoft patches released today are classified as Critical, 89 are Important, and six are publicly known.
π΄ Let's Play! Raising the Stakes for Threat Modeling With Card Games π΄
π Read
via "Dark Reading".
On a recent Friday night, three security experts got together to play custom games that explore attack risks in an engaging way.π Read
via "Dark Reading".
Dark Reading
Let's Play! Raising the Stakes for Threat Modeling With Card Games
On a recent Friday night, three security experts got together to play custom games that explore attack risks in an engaging way.
βΌ CVE-2022-0087 βΌ
π Read
via "National Vulnerability Database".
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
βοΈ Who is the Network Access Broker βWazawaka?β βοΈ
π Read
via "Krebs on Security".
In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used to break in were purchased from a cybercriminal middleman known as an initial access broker. This post examines some of the clues left behind by Wazawaka, the handle chosen by a major access broker in the Russian-speaking cybercrime scene.π Read
via "Krebs on Security".
Krebs on Security
Who is the Network Access Broker βWazawaka?β
In a great many ransomware attacks, the criminals who pillage the victim's network are not the same crooks who gained the initial access to the victim organization. More commonly, the infected PC or stolen VPN credentials the gang used toβ¦
βΌ CVE-2022-0159 βΌ
π Read
via "National Vulnerability Database".
orchardcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-0179 βΌ
π Read
via "National Vulnerability Database".
snipe-it is vulnerable to Improper Access Controlπ Read
via "National Vulnerability Database".
π1
ποΈ Moodle e-learning platform patches session hijack bug that led to pre-auth RCE ποΈ
π Read
via "The Daily Swig".
Researchers disclose second critical flaw in authentication pluginπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Moodle e-learning platform patches session hijack bug that led to pre-auth RCE
Researchers disclose second critical flaw in authentication plugin
βΌ CVE-2021-3852 βΌ
π Read
via "National Vulnerability Database".
growi is vulnerable to Authorization Bypass Through User-Controlled Keyπ Read
via "National Vulnerability Database".
β Phishers Rip Off High-Profile EA Gamers β
π Read
via "Threat Post".
Electronic Arts blamed βhuman errorβ after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts.π Read
via "Threat Post".
Threat Post
FIFA Ultimate Team Account Takeovers Plague EA Gamers
Electronic Arts blamed βhuman errorβ after attackers compromised customer support and took over and drained some of the top FIFA Ultimate Team player accounts.
π¦Ώ Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks π¦Ώ
π Read
via "Tech Republic".
The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection.π Read
via "Tech Republic".
TechRepublic
Cisco Talos discovers a new malware campaign using the public cloud to hide its tracks
The campaign was first detected in October and is using services like AWS and Azure to hide its tracks and evade detection.
ποΈ Firefox fixes fullscreen notification bypass bug that could have led to convincing phishing campaigns ποΈ
π Read
via "The Daily Swig".
Flurry of issues patched in web browserβs latest advisoryπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Firefox fixes fullscreen notification bypass bug that could have led to convincing phishing campaigns
Flurry of issues patched in web browserβs latest advisory
βΌ CVE-2021-4080 βΌ
π Read
via "National Vulnerability Database".
crater is vulnerable to Unrestricted Upload of File with Dangerous Typeπ Read
via "National Vulnerability Database".
βΌ CVE-2021-44648 βΌ
π Read
via "National Vulnerability Database".
GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44649 βΌ
π Read
via "National Vulnerability Database".
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44650 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.π Read
via "National Vulnerability Database".
β Home routers with NetUSB support could have critical kernel hole β
π Read
via "Naked Security".
Got a router that supports USB access across the network? You might need a kernel update...π Read
via "Naked Security".
Naked Security
Home routers with NetUSB support could have critical kernel hole
Got a router that supports USB access across the network? You might need a kernel updateβ¦
β JavaScript developer destroys own projects in supply chain βlessonβ β
π Read
via "Naked Security".
Two popular open source JavaScript packages recently got "hacked" in a symbolic gesture by the original project creator.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals π΄
π Read
via "Dark Reading".
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.π Read
via "Dark Reading".
Dark Reading
Patch Management Today: A Risk-Based Strategy to Defeat Cybercriminals
By combining risk-based vulnerability prioritization and automated patch intelligence, organizations can apply patches based on threat level. Part 2 of 3.
ποΈ Patch Tuesday: Web security issues in the spotlight in Microsoftβs bumper January update ποΈ
π Read
via "The Daily Swig".
βWormableβ flaw in HTTP Protocol Stack causes concernπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Patch Tuesday: Web security issues in the spotlight in Microsoftβs bumper January update
βWormableβ flaw in HTTP Protocol Stack causes concern
π Proxmark3 4.14831 π
π Read
via "Packet Storm Security".
This is a custom firmware written for the Proxmark3 device. It extends the currently available firmware. This release is nicknamed Frostbit.π Read
via "Packet Storm Security".
Packetstormsecurity
Proxmark3 4.14831 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ Cybersecurity conferences 2022: A rundown of online, in person, and βhybridβ events ποΈ
π Read
via "The Daily Swig".
With many events choosing to retain virtual elements forced on them by the pandemic, thereβs now an abundance of online content to choose fromπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Cybersecurity conferences 2022: A rundown of online, in person, and βhybridβ events
With many events choosing to retain virtual elements forced on them by the pandemic, thereβs still an abundance of online content to choose from