CVE-2022-0362 (via National Vulnerability Database)
SQL Injection in Packagist showdoc/showdoc prior to 2.10.3.
CVE-2021-22600 (via National Vulnerability Database)
A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading the kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755.
CVE-2022-0203 (via National Vulnerability Database)
Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2.
CVE-2022-0361 (via National Vulnerability Database)
Heap-based Buffer Overflow in Conda vim prior to 8.2.
US healthcare company EyeMed reaches settlement following 2020 data breach (via The Daily Swig)
Vision benefits provider agrees to $600,000.
Why It's Time to Rethink Incident Response (via Dark Reading)
The incident response landscape has changed drastically, largely from shifting attitudes among insurance companies and, to some extent, business customers feeling the pain of security incidents.
More than 90% of enterprises surveyed have been hit by successful cyberattacks (via TechRepublic)
Since the start of the pandemic, some 83% of those polled by Anomali have seen an increase in attempted cyberattacks, while most have witnessed a rise in phishing emails.
Cybercriminals exploiting COVID-19 tests in phishing attacks (via TechRepublic)
Scammers are taking advantage of the focus on COVID-19 testing and the need for at-home test kits, says Barracuda Networks.
VPNLab.net Shuttered in Latest Spate of Global Takedowns (via Dark Reading)
Europol and 10 nations seized servers and disconnected the anonymous network allegedly used by many cybercriminals in the latest effort to hobble cybercrime groups.
CVE-2022-22851 (via National Vulnerability Database)
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Hospital's Patient Records Management System 1.0 via the specialization parameter in doctors.php.
CVE-2021-44692 (via National Vulnerability Database)
BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example, JohnDoe@example.com would become /members/johndoeexample-com and Jo.test@example.com would become /members/jo-testexample-com. The members list is available to everyone and (in a default configuration) often without authentication. It is therefore trivial to collect a list of email addresses.
CVE-2021-45975 (via National Vulnerability Database)
In ListCheck.exe in Acer Care Center 4.x before 4.00.3038, a vulnerability in the loading mechanism of Windows DLLs could allow a local attacker to perform a DLL hijacking attack. This vulnerability is due to incorrect handling of directory search paths at run time. An attacker could exploit this vulnerability by placing a malicious DLL file on the targeted system. This file will execute when the vulnerable application launches. A successful exploit could allow the attacker to execute arbitrary code on the targeted system with local administrator privileges.
CVE-2021-46117 (via National Vulnerability Database)
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.
CVE-2022-0378 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.
CVE-2021-43334 (via National Vulnerability Database)
BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.
CVE-2022-0379 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Fantasy Premier League account hack surge prompts plans to introduce extra login checks for football fans (via The Daily Swig)
FA (belatedly) says OK to 2FA.
Tax scam emails are alive and well as US tax season starts (via Naked Security)
If in doubt, don't give it out! (And don't forget that no reply is often a good reply.)
Linux Bug in All Major Distros: "An Attacker's Dream Come True" (via Threat Post)
The 12-year-old flaw in the sudo-like Polkit's pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days.
Cybersecurity Is Broken: How We Got Here & How to Start Fixing It (via Dark Reading)
It's not just your imagination: malicious threats have exponentially increased organizational risk.
"PwnKit" security bug gets you root on most Linux distros: what to do (via Naked Security)
An elevation of privilege bug that could let a "mostly harmless" user give themselves an instant root shell.