CVE-2021-46544
via "National Vulnerability Database".
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/lib/x86_64-linux-gnu/libasan.so.4+0x59e19. This vulnerability can lead to a Denial of Service (DoS).
CVE-2021-46526
via "National Vulnerability Database".
Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via snquote at src/mjs_json.c.
CVE-2021-46521
via "National Vulnerability Database".
Cesanta MJS v2.20.0 was discovered to contain a global buffer overflow via c_vsnprintf at mjs/src/common/str_util.c.
Phishing Simulation Study Shows Why These Attacks Remain Pervasive
via "Dark Reading".
E-mail purportedly from human resources convinced more than one-fifth of recipients to click, the majority of whom did so within an hour of receiving the fraudulent message.
NCSC project will help UK businesses identify security vulnerabilities
via "ITPro".
The scripts will be developed and reviewed regularly to target the most pervasive issues in enterprise security.
Vodafone: Personal data might become new currency by 2030
via "ITPro".
Businesses will be forced to provide customers with a better experience in exchange for personal data in order to retain them.
Apple fixes array of iOS, macOS zero-days and code execution security flaws
via "ITPro".
The first wave of security updates for Apple products in 2022 follows a year in which a wide variety of security flaws plagued its portfolio of devices.
12-year-old Linux root privilege flaw has been "hiding in plain sight"
via "ITPro".
Researchers were quick to highlight how easy it was to exploit the vulnerability, recommending urgent patches.
CVE-2022-21719
via "National Vulnerability Database".
GLPI is a free asset and IT management software package. All GLPI versions prior to 9.5.7 are vulnerable to reflected cross-site scripting. Version 9.5.7 contains a patch for this issue. There are no known workarounds.
Privacy slalom: Human rights, media orgs offer OPSEC warning to Winter Olympics attendees
via "The Daily Swig".
Behind the spectacle of Beijing 2022, visitors' digital freedoms may be left out in the cold.
CVE-2020-28885
via "National Vulnerability Database".
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Server.
CVE-2020-28884
via "National Vulnerability Database".
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Server.
CVE-2022-21720
via "National Vulnerability Database".
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability.
CVE-2022-24071
via "National Vulnerability Database".
A built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process, which could lead to controlling browser internal APIs.
CVE-2022-0394
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Who Wrote the ALPHV/BlackCat Ransomware Strain?
via "Krebs on Security".
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. "BlackCat"), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we'll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant.
Xerox belatedly addresses web-based printer bricking threat
via "The Daily Swig".
Firmware flaw resolved after extended 28-month disclosure process.
More Security Flaws Found in Apple's OS Technologies
via "Dark Reading".
Apple's updates this week included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.
Apple fixes Safari data leak (and patches a zero-day!) - update now
via "Naked Security".
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.
S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
via "Naked Security".
Latest episode - listen now!
Conti, DeadBolt Target Delta, QNAP
via "Threat Post".
QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been crippled.