El Salvador becomes latest target of Pegasus spyware
via "ITPro".
The list of nations with access to Pegasus is growing, with evidence pointing to potential links between 35 confirmed Pegasus cases and the Salvadoran government
CVE-2022-23094
via "National Vulnerability Database".
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
CVE-2021-24044
via "National Vulnerability Database".
By passing invalid JavaScript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions. This could result in segmentation fault as a consequence of type confusion error, with a low chance of RCE. This issue affects Hermes versions prior to v0.10.0.
CVE-2021-44049
via "National Vulnerability Database".
CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.
CVE-2022-23178
via "National Vulnerability Database".
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields.
CVE-2022-23095
via "National Vulnerability Database".
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2021-33828
via "National Vulnerability Database".
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.
CVE-2021-44537
via "National Vulnerability Database".
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
CVE-2021-33827
via "National Vulnerability Database".
The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.
CVE-2022-0235
via "National Vulnerability Database".
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor.
CVE-2021-4170
via "National Vulnerability Database".
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2022-23303
via "National Vulnerability Database".
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.
CVE-2022-23304
via "National Vulnerability Database".
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
CVE-2021-3853
via "National Vulnerability Database".
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2021-3857
via "National Vulnerability Database".
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
Romance scammer who targeted 670 women gets 28 months in jail
via "Naked Security".
Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns...
Mastering the Art of Cloud Tagging Using Data Science
via "Dark Reading".
Cloud tagging, the process of labeling cloud assets by certain attributes or operational values, can unlock behavioral insights to optimize and automate cyber asset management at scale.
White House tackles “unique security challenges” faced by open source ecosystem during dedicated virtual summit
via "The Daily Swig".
Silicon Valley giants joined government officials to thrash out remedies to software supply chain woes
CVE-2021-25025
via "National Vulnerability Database".
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events.
CVE-2021-25024
via "National Vulnerability Database".
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-Site Scripting issues.
CVE-2021-25061
via "National Vulnerability Database".
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected XSS in wp-booking-system on the wpbs-calendars admin page.