‼ CVE-2022-0359 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in Conda vim prior to 8.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44120 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44118 ‼
📖 Read
via "National Vulnerability Database".
SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).📖 Read
via "National Vulnerability Database".
❌ Threat Actors Blanket Androids with Flubot, Teabot Campaigns ❌
📖 Read
via "Threat Post".
Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.📖 Read
via "Threat Post".
Threat Post
Threat Actors Blanket Androids with Flubot, Teabot Campaigns
Attackers are getting creative, using smishing & a malicious Google Play QR reader to plant banking trojans on the phones of victims across the globe.
🗓️ Android security tool APKLeaks patches critical vulnerability 🗓️
📖 Read
via "The Daily Swig".
The package flaw allowed a number of malicious activities to take place📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Android security tool APKLeaks patches critical vulnerability
The package flaw allowed a number of malicious activities to take place
🦿 IT pros say privacy regulations are more helpful than harmful 🦿
📖 Read
via "Tech Republic".
Cisco's 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.📖 Read
via "Tech Republic".
TechRepublic
IT pros say privacy regulations are more helpful than harmful
Cisco's 2022 data privacy study finds that privacy budgets are up, and companies are seeing good return on these investments.
‼ CVE-2021-22570 ‼
📖 Read
via "National Vulnerability Database".
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0362 ‼
📖 Read
via "National Vulnerability Database".
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-22600 ‼
📖 Read
via "National Vulnerability Database".
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0203 ‼
📖 Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0361 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in Conda vim prior to 8.2.📖 Read
via "National Vulnerability Database".
🗓️ US healthcare company EyeMed reaches settlement following 2020 data breach 🗓️
📖 Read
via "The Daily Swig".
Vision benefits provider agrees to $600,000📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US healthcare company EyeMed reaches settlement following 2020 data breach
Vision benefits provider agrees to $600,000
🕴 Why It's Time to Rethink Incident Response 🕴
📖 Read
via "Dark Reading".
The incident response landscape has changed drastically, largely from shifting attitudes among insurance companies and, to some extent, business customers feeling the pain of security incidents.📖 Read
via "Dark Reading".
Dark Reading
Why It's Time to Rethink Incident Response
The incident response landscape has changed drastically, largely from shifting attitudes among insurance companies and, to some extent, business customers feeling the pain of security incidents.
🦿 More than 90% of enterprises surveyed have been hit by successful cyberattacks 🦿
📖 Read
via "Tech Republic".
Since the start of the pandemic, some 83% of those polled by Anomali have seen an increase in attempted cyberattacks, while most have witnessed a rise in phishing emails.📖 Read
via "Tech Republic".
TechRepublic
More than 90% of enterprises surveyed have been hit by successful cyberattacks | TechRepublic
Since the start of the pandemic, some 83% of those polled by Anomali have seen an increase in attempted cyberattacks, while most have witnessed a rise in phishing emails.
🦿 Cybercriminals exploiting COVID-19 tests in phishing attacks 🦿
📖 Read
via "Tech Republic".
Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks.📖 Read
via "Tech Republic".
TechRepublic
Cybercriminals exploiting COVID-19 tests in phishing attacks
Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks.
🕴 VPNLab.net Shuttered in Latest Spate of Global Takedowns 🕴
📖 Read
via "Dark Reading".
Europol and 10 nations seized servers and disconnected the anonymous network allegedly used by many cybercriminals in the latest effort to hobble cybercrime groups.📖 Read
via "Dark Reading".
Dark Reading
VPNLab.net Shuttered in Latest Spate of Global Takedowns
Europol and 10 nations seized servers and disconnected the anonymous network allegedly used by many cybercriminals in the latest effort to hobble cybercrime groups.
‼ CVE-2022-22851 ‼
📖 Read
via "National Vulnerability Database".
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodtester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44692 ‼
📖 Read
via "National Vulnerability Database".
BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example. JohnDoe@example.com would become /members/johndoeexample-com and Jo.test@example.com would become /members/jo-testexample-com. The members list is available to everyone and (in a default configuration) often without authentication. It is therefore trivial to collect a list of email addresses.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-45975 ‼
📖 Read
via "National Vulnerability Database".
In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46117 ‼
📖 Read
via "National Vulnerability Database".
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0378 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.📖 Read
via "National Vulnerability Database".