🕴 Fighting Supply Chain Email Attacks With AI 🕴
📖 Read
via "Dark Reading".
Supply chain account takeover is the most pressing issue facing email security today, but artificial intelligence can head off such attempts.📖 Read
via "Dark Reading".
Dark Reading
Fighting Supply Chain Email Attacks With AI
Supply chain account takeover is the most pressing issue facing email security today, but artificial intelligence can head off such attempts.
🗓️ Tor Project heads to Russian court to appeal against censorship 🗓️
📖 Read
via "The Daily Swig".
Volunteers urged to build bridges while Tor contests blockade📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Tor Project heads to Russian court to appeal against censorship
Volunteers urged to build bridges while Tor contests blockade
‼ CVE-2021-44122 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a Cross Site Request Forgery (CSRF) vulnerability in ecrire/public/aiguiller.php, ecrire/public/balises.php, ecrire/balise/formulaire_.php. To exploit the vulnerability, a visitor must visit a malicious website which redirects to the SPIP website. It is also possible to combine XSS vulnerabilities in SPIP 4.0.0 to exploit it. The vulnerability allows an authenticated attacker to execute malicious code without the knowledge of the user on the website (CSRF).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22932 ‼
📖 Read
via "National Vulnerability Database".
Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44123 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a remote command execution vulnerability. To exploit the vulnerability, an attacker must craft a malicious picture with a double extension, upload it and then click on it to execute it.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41766 ‼
📖 Read
via "National Vulnerability Database".
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated deserialization attacks, the implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes that are available within the targets class path. Generally speaking, deserialization of untrusted data does always represent a high security risk and should be prevented. The risk is low as, by default, Karaf uses a limited set of classes in the JMX server class path. It depends of system scoped classes (e.g. jar in the lib folder).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0251 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0359 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in Conda vim prior to 8.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44120 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44118 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).📖 Read
via "National Vulnerability Database".
❌ Threat Actors Blanket Androids with Flubot, Teabot Campaigns ❌
📖 Read
via "Threat Post".
Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.📖 Read
via "Threat Post".
Threat Post
Threat Actors Blanket Androids with Flubot, Teabot Campaigns
Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.
🗓️ Android security tool APKLeaks patches critical vulnerability 🗓️
📖 Read
via "The Daily Swig".
The package flaw allowed a number of malicious activities to take place📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Android security tool APKLeaks patches critical vulnerability
The package flaw allowed a number of malicious activities to take place
🦿 IT pros say privacy regulations are more helpful than harmful 🦿
📖 Read
via "Tech Republic".
Cisco's 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.📖 Read
via "Tech Republic".
TechRepublic
IT pros say privacy regulations are more helpful than harmful
Cisco's 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.
‼ CVE-2021-22570 ‼
📖 Read
via "National Vulnerability Database".
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0362 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22600 ‼
📖 Read
via "National Vulnerability Database".
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0203 ‼
📖 Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0361 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in Conda vim prior to 8.2.📖 Read
via "National Vulnerability Database".
🗓️ US healthcare company EyeMed reaches settlement following 2020 data breach 🗓️
📖 Read
via "The Daily Swig".
Vision benefits provider agrees to $600,000📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US healthcare company EyeMed reaches settlement following 2020 data breach
Vision benefits provider agrees to $600,000
🕴 Why It's Time to Rethink Incident Response 🕴
📖 Read
via "Dark Reading".
The incident response landscape has changed drastically, largely from shifting attitudes among insurance companies and, to some extent, business customers feeling the pain of security incidents.📖 Read
via "Dark Reading".
Dark Reading
Why It's Time to Rethink Incident Response
The incident response landscape has changed drastically, largely from shifting attitudes among insurance companies and, to some extent, business customers feeling the pain of security incidents.
🦿 More than 90% of enterprises surveyed have been hit by successful cyberattacks 🦿
📖 Read
via "Tech Republic".
Since the start of the pandemic, some 83% of those polled by Anomali have seen an increase in attempted cyberattacks, while most have witnessed a rise in phishing emails.📖 Read
via "Tech Republic".
TechRepublic
More than 90% of enterprises surveyed have been hit by successful cyberattacks | TechRepublic
Since the start of the pandemic, some 83% of those polled by Anomali have seen an increase in attempted cyberattacks, while most have witnessed a rise in phishing emails.