CVE-2021-46203
via "National Vulnerability Database".
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
CVE-2022-0274
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in NPM cypress-orchardcore prior to 1.2.2.
CVE-2021-46204
via "National Vulnerability Database".
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via taocms\include\Model\Article.php. (The arbitrary file read via the path parameter is the separate CVE-2021-46203.)
CVE-2021-42810
via "National Vulnerability Database".
A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.
When Patching Security Flaws, Smarter Trumps Faster
via "Dark Reading".
Just turning the patch dial to "high" is not enough, and if your company is using the Common Vulnerability Scoring System (CVSS) alone to prioritize software patching, you are doing it wrong.
5 AI and Cybersecurity Predictions for 2022
via "Dark Reading".
Among them: Explainable artificial intelligence (XAI) will improve the ways humans and AI interact, plus expect a shift in how organizations fight ransomware.
1Password Raises $620M Series C, Now Valued at $6.8B
via "Dark Reading".
The massive funding round comes as the rise of cloud and remote work led to new threats and growing security and privacy concerns.
Europol, Feds Take VPN Used by Cybercriminals Offline
via "Digital Guardian".
The service was being used to carry out ransomware deployment and other cybercrime activities.
Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say
via "Threat Post".
Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia's wider effort to undermine Ukraine's sovereignty, according to analysts.
What Happens to My Organization If APIs Are Compromised?
via "Dark Reading".
Once attackers have obtained access, they can compromise other systems or pivot within your networks.
CVE-2022-0243
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository orchardcms/orchardcore prior to 1.2.2.
CVE-2022-22769
via "National Vulnerability Database".
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.
Affected releases are TIBCO Software Inc.'s:
TIBCO EBX: versions 5.8.124 and below
TIBCO EBX: versions 5.9.3 through 5.9.15
TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3
TIBCO EBX Add-ons: versions 3.20.18 and below
TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6
TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0
TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below
CVE-2021-38789
via "National Vulnerability Database".
Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings.
FireEye & McAfee Enterprise Renamed as Trellix
via "Dark Reading".
Symphony Technology Group announces a name for the newly merged company, which aims to become a leader in extended detection and response (XDR).
CVE-2021-26247
via "National Vulnerability Database".
Reflected cross-site scripting in Cacti's auth_changepassword.php: the "ref" URL parameter is echoed into the page without escaping. As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
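Because the proof-of-concept is a single unauthenticated GET, attempts are easy to spot in web-server logs. The following is an added detection example, not Cacti's code and not part of the NVD entry: it parses Combined Log Format lines, isolates requests to auth_changepassword.php, decodes the "ref" value (including double URL-encoding and HTML entities) and flags markup that has no business in a return-path parameter. The log lines, IP addresses and the PAYLOAD_RE heuristic are constructed for illustration.

```python
"""Detection example for CVE-2021-26247-style probes (added here; not Cacti's
own code). Constructed sample log lines; no real traffic."""
import re
from html import unescape
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Combined Log Format (addresses from RFC 5737 ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [18/Jan/2022:10:01:02 +0000] "GET /auth_changepassword.php?ref=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512 "-" "curl/7.79.1"
203.0.113.5 - - [18/Jan/2022:10:01:09 +0000] "GET /auth_changepassword.php?ref=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 512 "-" "curl/7.79.1"
198.51.100.7 - - [18/Jan/2022:10:02:30 +0000] "GET /auth_changepassword.php?ref=index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [18/Jan/2022:10:03:00 +0000] "GET /graph_view.php?action=tree HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Jan/2022:10:04:11 +0000] "GET /auth_changepassword.php?ref=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 512 "-" "python-requests/2.26"
"""

# Combined Log Format: client, identd, user, [timestamp], "METHOD target proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Heuristic (assumption): a tag, an on* event handler, or a javascript: URL in a
# parameter that should only ever hold a relative page path.
PAYLOAD_RE = re.compile(r'<\s*/?\s*[a-z]|\bon[a-z]+\s*=|javascript\s*:', re.IGNORECASE)

def normalise(value, rounds=3):
    """Undo up to `rounds` layers of URL encoding plus HTML entities so that
    double-encoded payloads (%253C -> %3C -> <) are caught too."""
    for _ in range(rounds):
        decoded = unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (client_ip, decoded_ref) for a suspicious hit on the vulnerable
    endpoint, or None for anything else (other paths, benign ref values,
    unparseable lines)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path.lower() != "/auth_changepassword.php":
        return None
    # parse_qs already removes one layer of URL encoding; normalise() handles the rest.
    for ref in parse_qs(url.query, keep_blank_values=True).get("ref", []):
        decoded = normalise(ref)
        if PAYLOAD_RE.search(decoded):
            return m.group("ip"), decoded
    return None

def scan_log(text):
    """All suspicious hits in a block of log text, in file order."""
    return [hit for hit in (scan_line(line) for line in text.splitlines()) if hit]

if __name__ == "__main__":
    for ip, ref in scan_log(SAMPLE_LOG):
        print(f"{ip}: suspicious ref={ref!r}")
```

The decode loop matters: a scanner that only URL-decodes once misses the %25-prefixed second line, while the server-side PHP may well decode it again before echoing. Match on the decoded value, never on the raw query string.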
CVE-2021-44777
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6).
CVE-2021-23225
via "National Vulnerability Database".
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.
CVE-2022-21699
via "National Vulnerability Database".
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerability achieved by not properly managing cross user temporary files. This vulnerability allows one user to run code as another on the same machine. All users are advised to upgrade.
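The failure class here is generic: a program that executes startup or profile files from a path under a shared temporary directory can be fed code by whichever local user creates that path first. The block below is an added illustration of that class, not IPython's own code and not the exact path IPython used; the directory layout, the "startup/*.py" convention and the demo() harness are assumptions. It places a planted file in a world-writable directory, shows the naive loader executing it, then shows a loader that refuses until the directory is a real, user-owned, non-group/world-writable directory. POSIX only (uses uid and mode bits).

```python
"""Added example (not IPython's code): naive vs. hardened loading of per-user
startup files, the class of bug described by CVE-2022-21699. POSIX only."""
import os
import stat
import tempfile
from pathlib import Path

def load_startup_unsafe(startup_dir):
    """Executes every *.py in startup_dir with no check on who owns it.
    If startup_dir lives under a shared /tmp and does not yet exist, any
    local user can create it first and plant code that runs as the victim."""
    ns = {}
    for f in sorted(Path(startup_dir).glob("*.py")):
        exec(compile(f.read_text(), str(f), "exec"), ns)
    return ns

def is_private_dir(path):
    """True only if path is a real directory (lstat, so a symlink fails),
    owned by the current user, and not writable by group or others."""
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != os.getuid():
        return False
    return (stat.S_IMODE(st.st_mode) & 0o022) == 0

def load_startup_safe(startup_dir):
    """Refuse to execute anything unless the directory passes is_private_dir
    and each file is a regular file owned by us and not group/world writable."""
    startup_dir = Path(startup_dir)
    if not is_private_dir(startup_dir):
        raise PermissionError(f"refusing to load startup files from {startup_dir}: "
                              "not a private directory owned by the current user")
    ns = {}
    for f in sorted(startup_dir.glob("*.py")):
        st = os.lstat(f)
        if (not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid()
                or stat.S_IMODE(st.st_mode) & 0o022):
            raise PermissionError(f"refusing {f}: wrong owner, not a regular file, "
                                  "or writable by others")
        exec(compile(f.read_text(), str(f), "exec"), ns)
    return ns

def demo():
    """Constructed scenario: a startup directory that is world-writable, as it
    would be if another user had pre-created it, holding a planted file.
    Returns (unsafe_ran_planted, safe_ran_planted, safe_ran_after_fix)."""
    base = tempfile.mkdtemp()                # mkdtemp gives a private 0700 parent
    planted = Path(base) / "startup"
    planted.mkdir()
    (planted / "00-planted.py").write_text("PLANTED = True\n")   # attacker's payload
    os.chmod(planted, 0o777)                 # simulate an attacker-controlled directory
    unsafe_ran = load_startup_unsafe(planted).get("PLANTED", False)
    try:
        load_startup_safe(planted)
        safe_ran = True
    except PermissionError:
        safe_ran = False
    os.chmod(planted, 0o700)                 # once private again, loading is allowed
    safe_after_fix = load_startup_safe(planted).get("PLANTED", False)
    return unsafe_ran, safe_ran, safe_after_fix

if __name__ == "__main__":
    print(demo())
```

The ownership and mode checks are the minimum; the real fix for this class is to never derive a per-user code directory from a shared temp location at all (use the user's home directory or a directory created with tempfile.mkdtemp, whose 0700 mode and unpredictable name cannot be pre-claimed).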
CVE-2021-23842
via "National Vulnerability Database".
Communication to the AMC2 is encrypted with the symmetric cipher Blowfish, but the key is embedded in the firmware, where an attacker can retrieve it and decrypt network traffic between the AMC2 and the host system. Thus, an attacker can exploit this vulnerability to decrypt and modify network traffic, decrypt and further investigate the device's firmware file, and change the device configuration. The attacker needs to have access to the local network, typically even the same subnet.
CVE-2021-3816
via "National Vulnerability Database".
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.
CVE-2021-23843
via "National Vulnerability Database".
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certain settings in AMC2 devices. The tool allows putting a password protection on configured devices to restrict access to the configuration of an AMC2. An attacker can circumvent this protection and make unauthorized changes to configuration data on the device. An attacker can exploit this vulnerability to manipulate the device's configuration or make it unresponsive in the local network. The attacker needs to have access to the local network, typically even the same subnet.