📢 QNAP warns of ransomware targeting internet-facing NAS products 📢
via "ITPro".
The manufacturer has provided a guide to securing vulnerable products amid ongoing attacks
📢 Open source in open rebellion - can Google bring peace to the developer community? 📢
via "ITPro".
A recent White House gathering exposes divisions between the open source community and the private companies that exploit it
📢 US gov issues fresh warning over Russian threat to critical infrastructure 📢
via "ITPro".
The FBI, NSA and CISA have urged network defenders to be on "heightened alert" for Russian cyber attacks
📢 NetUSB flaw exposes millions of routers to remote code execution 📢
via "ITPro".
The vulnerability impacts devices from Netgear, TP-Link, D-Link, and Western Digital
📢 Five giveaways that show an email is a phishing attack 📢
via "ITPro".
One of the biggest problems in cyber security is the phishing email
📢 Ransomware is being rewritten in Go for joint attacks on Windows, Linux users 📢
via "ITPro".
The Google-created programming language has become increasingly popular in the malware community for its speed and effectiveness in targeting more users with the same code base
📢 Ukraine government and embassies hit by "massive" cyber attacks 📢
via "ITPro".
Russia is said to be most likely behind the attacks as tensions between the two countries increase
📢 How to build a zero trust model 📢
via "ITPro".
Threats are becoming greater and more diverse, but having a zero trust architecture could help your business defend its infrastructure
📢 Nearly half of all Log4j downloads remain critically vulnerable 📢
via "ITPro".
The findings come as the US threatens legal action against those who fail to patch to the latest versions of the popular Java library
📢 El Salvador becomes latest target of Pegasus spyware 📢
via "ITPro".
The list of nations with access to Pegasus is growing, with evidence pointing to potential links between 35 confirmed Pegasus cases and the Salvadoran government
‼ CVE-2022-23094 ‼
via "National Vulnerability Database".
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
‼ CVE-2021-24044 ‼
via "National Vulnerability Database".
By passing invalid JavaScript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
‼ CVE-2021-44049 ‼
via "National Vulnerability Database".
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
‼ CVE-2022-23178 ‼
via "National Vulnerability Database".
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
‼ CVE-2022-23095 ‼
via "National Vulnerability Database".
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.
‼ CVE-2021-33828 ‼
via "National Vulnerability Database".
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.
‼ CVE-2021-44537 ‼
via "National Vulnerability Database".
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
‼ CVE-2021-33827 ‼
via "National Vulnerability Database".
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.
‼ CVE-2022-0235 ‼
via "National Vulnerability Database".
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
‼ CVE-2021-4170 ‼
via "National Vulnerability Database".
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
‼ CVE-2022-23303 ‼
via "National Vulnerability Database".
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.