CVE-2022-0378
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in Packagist microweber/microweber prior to 1.2.11.

CVE-2021-43334
via "National Vulnerability Database".
BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.

CVE-2022-0379
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.

Fantasy Premier League account hack surge prompts plans to introduce extra login checks for football fans
via "The Daily Swig".
FA (belatedly) says OK to 2FA

Tax scam emails are alive and well as US tax season starts
via "Naked Security".
If in doubt, don't give it out! (And don't forget that no reply is often a good reply.)

Linux Bug in All Major Distros: 'An Attacker's Dream Come True'
via "Threat Post".
The 12-year-old flaw in the sudo-like polkit's pkexec tool, found in all major Linux distributions, is likely to be exploited in the wild within days.

Cybersecurity Is Broken: How We Got Here & How to Start Fixing It
via "Dark Reading".
It's not just your imagination: malicious threats have exponentially increased organizational risk.

'PwnKit' security bug gets you root on most Linux distros: what to do
via "Naked Security".
An elevation of privilege bug that could let a "mostly harmless" user give themselves an instant root shell.

Experts Urge Firms to Patch Trivial-to-Exploit Flaw in Linux PolicyKit
via "Dark Reading".
The memory corruption vulnerability in a policy component installed by default on most Linux distributions allows any user to become root. Researchers have already reproduced the exploit.

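The three pkexec items above (Threat Post, Naked Security, Dark Reading) all describe the polkit flaw tracked as CVE-2021-4034. The bug is only reachable because pkexec is installed setuid-root, so the quickest check on a host is whether that bit is still present; the temporary mitigation published with the advisory, until the distribution's polkit package is updated, is to strip it with `chmod 0755`. The script below is an added example for this digest, not code from polkit, Qualys or any of the linked articles; the candidate paths are assumptions for common layouts and should be adjusted to the host.

```python
"""Report whether pkexec is still setuid-root on this host.

Added example for the pkexec / CVE-2021-4034 ("PwnKit") items above.
Not code from polkit, Qualys, or the linked articles.
"""
import os
import stat

# Assumed install locations; most distributions use /usr/bin/pkexec,
# a few ship it under /usr/libexec. Adjust for the system under review.
CANDIDATE_PATHS = ("/usr/bin/pkexec", "/usr/libexec/pkexec")


def setuid_owner(path):
    """Return the owning uid if `path` exists and carries the setuid bit.

    Returns None when the file is absent or the bit is not set. The owner
    matters: a setuid binary only elevates to its owner, so setuid-root
    (uid 0) is the dangerous combination for pkexec.
    """
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    if st.st_mode & stat.S_ISUID:
        return st.st_uid
    return None


def assess(path):
    """One-line verdict for `path`, with the documented stop-gap if exposed."""
    if not os.path.exists(path):
        return f"{path}: not present"
    owner = setuid_owner(path)
    if owner == 0:
        # Stripping setuid disables legitimate pkexec privilege elevation
        # too; it is a stop-gap until the patched polkit package lands.
        return (f"{path}: setuid-root; if polkit is not yet patched, "
                f"mitigate temporarily with: chmod 0755 {path}")
    if owner is not None:
        return f"{path}: setuid but owned by uid {owner}, not root"
    return f"{path}: setuid bit not set (patched package or already stripped)"


if __name__ == "__main__":
    for p in CANDIDATE_PATHS:
        print(assess(p))
```

Run it as any local user; reading file modes needs no privilege. A "setuid bit not set" result does not by itself prove the package is patched, only that the local-root path through pkexec is closed, so still confirm the polkit package version with the distribution's package manager.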
CVE-2021-29846
via "National Vulnerability Database".
IBM Security Guardium Insights 3.0 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 205256.

CVE-2021-46561
via "National Vulnerability Database".
controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization.

CVE-2021-46116
via "National Vulnerability Database".
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin._TemplateController#doInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code.

CVE-2021-46115
via "National Vulnerability Database".
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin._TemplateController#doUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code.

CVE-2021-29838
via "National Vulnerability Database".
IBM Security Guardium Insights 3.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.

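The class of weakness in CVE-2021-29838 above is easy to regress into: the Strict-Transport-Security header is absent, has no numeric max-age (browsers then ignore it entirely), or carries a lifetime too short to matter. The checker below is an added example for this digest, not IBM's code and not a scan of Guardium Insights; the sample responses are constructed, and the one-year minimum is an assumption taken from common scanner and preload-list expectations.

```python
"""Validate the Strict-Transport-Security header of an HTTPS response.

Added example for the CVE-2021-29838 item above (missing HSTS).
Not IBM's code; sample responses below are constructed, not captured.
"""

# Assumed policy threshold: one year in seconds. Adjust to local policy.
MIN_MAX_AGE = 31536000


def parse_hsts(value):
    """Parse an HSTS header value into its directives.

    Returns {'max-age': int or None, 'includesubdomains': bool, 'preload': bool}.
    Directive names are case-insensitive; max-age may be quoted.
    """
    out = {"max-age": None, "includesubdomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"')
        if name == "max-age":
            if val.isdigit():
                out["max-age"] = int(val)
        elif name in ("includesubdomains", "preload"):
            out[name] = True
    return out


def check_hsts(headers):
    """Return a list of findings for a response header map; empty means OK.

    `headers` is a dict of header name -> value; name lookup is
    case-insensitive so captures from any client library work.
    """
    value = None
    for name, val in headers.items():
        if name.lower() == "strict-transport-security":
            value = val
            break
    if value is None:
        return ["HSTS header missing: first and downgraded requests stay interceptable"]

    findings = []
    parsed = parse_hsts(value)
    if parsed["max-age"] is None:
        # RFC 6797: a header without a valid max-age is ignored by browsers.
        findings.append("max-age missing or non-numeric: header is ignored")
    elif parsed["max-age"] == 0:
        # max-age=0 instructs the browser to delete any stored policy.
        findings.append("max-age=0 clears the policy instead of enforcing it")
    elif parsed["max-age"] < MIN_MAX_AGE:
        findings.append(f"max-age {parsed['max-age']} is below {MIN_MAX_AGE} seconds")
    if not parsed["includesubdomains"]:
        findings.append("includeSubDomains absent: subdomains remain downgradable")
    return findings


# Constructed sample responses for demonstration (not real captures).
SAMPLE_RESPONSES = {
    "missing": {"Content-Type": "text/html"},
    "weak": {"Strict-Transport-Security": "max-age=300"},
    "cleared": {"Strict-Transport-Security": "max-age=0"},
    "good": {"strict-transport-security": "max-age=63072000; includeSubDomains; preload"},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLE_RESPONSES.items():
        print(label, check_hsts(hdrs) or ["OK"])
```

Feed it the headers of a real response fetched over HTTPS; a browser only honours the header on a TLS connection, so checking the plain-HTTP redirect response tells you nothing. The includeSubDomains finding is advisory rather than a defect on its own, but without it a cookie-sharing subdomain served over HTTP can still be used to reach the session.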
CVE-2021-29845
via "National Vulnerability Database".
IBM Security Guardium Insights 3.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. IBM X-Force ID: 205255.

CVE-2021-46383
via "National Vulnerability Database".
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: SQL Injection. The impact is: obtain sensitive information (remote). The component is: net.mingsoft.mdiy.action.web.DictAction#list. The attack vector is: 0 or sleep(3). MCMS has a SQL injection vulnerability through which an attacker can get sensitive information from the database.

CVE-2021-46386
via "National Vulnerability Database".
https://gitee.com/mingSoft/MCMS MCMS <=5.2.5 is affected by: File Upload. The impact is: execute arbitrary code (remote). The component is: net.mingsoft.basic.action.web.FileAction#upload. The attack vector is: jspx webshell. MCMS has a file upload vulnerability through which an attacker can upload a webshell. Successful attacks of this vulnerability can result in takeover of MCMS.

CVE-2021-46118
via "National Vulnerability Database".
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKit#doSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code.

CVE-2022-0368
via "National Vulnerability Database".
Out-of-bounds Read in Conda vim prior to 8.2.

Cybercriminals Love Supply-Chain Chaos: Here's How to Protect Your Inbox
via "Threat Post".
Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do.

Ransomware Groups Turning to Insiders to Help with Attacks
via "Digital Guardian".
A new survey suggests there's been an uptick in ransomware groups reaching out to employees in hopes they can help them carry out attacks against their company.