Privacy slalom: Human rights, media orgs offer OPSEC warning to Winter Olympics attendees
via "The Daily Swig"
Behind the spectacle of Beijing 2022, visitors' digital freedoms may be left out in the cold.

CVE-2020-28885
via "National Vulnerability Database"
Liferay Portal Server, tested on 7.3.5 GA6 and 7.2.0 GA1, is affected by OS command injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Server.

CVE-2020-28884
via "National Vulnerability Database"
Liferay Portal Server, tested on 7.3.5 GA6 and 7.2.0 GA1, is affected by OS command injection. An administrator user can inject a Groovy script to execute any OS command on the Liferay Portal Server.

CVE-2022-21720
via "National Vulnerability Database"
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability.

CVE-2022-24071
via "National Vulnerability Database"
A built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process, which could lead to controlling browser internal APIs.

CVE-2022-0394
via "National Vulnerability Database"
Stored cross-site scripting (XSS) in Packagist remdex/livehelperchat prior to 3.93v.

Who Wrote the ALPHV/BlackCat Ransomware Strain?
via "Krebs on Security"
In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. "BlackCat"), considered to be the first professional cybercrime group to create and use a ransomware strain in the Rust programming language. In this post, we'll explore some of the clues left behind by the developer who was reputedly hired to code the ransomware variant.

Xerox belatedly addresses web-based printer bricking threat
via "The Daily Swig"
Firmware flaw resolved after extended 28-month disclosure process.

More Security Flaws Found in Apple's OS Technologies
via "Dark Reading"
Apple's updates this week included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.

Apple fixes Safari data leak (and patches a zero-day!) - update now
via "Naked Security"
That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]
via "Naked Security"
Latest episode - listen now!

Conti, DeadBolt Ransomwares Target Delta, QNAP
via "Threat Post"
QNAP had to push out an unexpected (and not entirely welcome) NAS device update, and Delta Electronics' network has been crippled.

Shlayer and Bundlore MacOS Malware Strains - How Uptycs EDR Detection Can Help
via "Threat Post"
By Ashwin Vamshi. macOS malware Shlayer and Bundlore may have variations, but the behavior of their attacks has not changed: attacking older macOS versions and poorly-protected websites. Adware strains Shlayer and Bundlore are the most common malware on macOS; although they have slight variations, they have long invaded and bypassed XProtect, Notarization, Gatekeeper, and File Quarantine, all security features pre-built into…

CVE-2021-42791
via "National Vulnerability Database"
An issue was discovered in VeridiumID VeridiumAD 2.5.3.0. The HTTP request to trigger push notifications for VeridiumAD enrolled users does not enforce proper access control. A user can trigger push notifications for any other user. The text contained in the push notification can also be modified. If a user who receives the notification accepts it, then the user who triggered the notification can obtain the accepting user's login certificate.

US government's 'zero trust' roadmap calls time on perimeter-based paradigm
via "The Daily Swig"
Federal agencies have a little over two years to fundamentally remodel cyber defenses.

Happy Data Privacy Day - and we really do mean "happy" :-)
via "Naked Security"
We give you some simple digital lifestyle tips that cost nothing.

Zerodium Spikes Payout for Zero-Click Outlook Zero-Days
via "Threat Post"
The sweetened deal came on the same day that Trustwave SpiderLabs published a new way to bypass Outlook security to deliver malicious links to victims.

CVE-2022-23098
via "National Vulnerability Database"
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.

CVE-2021-44249
via "National Vulnerability Database"
Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a blind time-based SQL injection attack within the login portal. This can allow attackers to remotely dump MySQL database credentials.

CVE-2022-23863
via "National Vulnerability Database"
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password.

CVE-2022-23097
via "National Vulnerability Database"
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
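
The two Connman DNS-proxy entries above (CVE-2022-23098, a TCP reply loop that never terminates when no data arrives, and CVE-2022-23097, an out-of-bounds read from a mishandled strnlen in forward_dns_reply) describe two bug shapes that are easiest to see next to their defensive counterparts. The C below is an added illustration written for this digest; it is not Connman's code and does not reproduce either bug. The recv_fn callback, the in-memory source, every function name and the sample wire bytes are all constructed for the example.

```c
/* Added illustration, not Connman's code: a TCP reply reader that stops when the
 * peer closes instead of spinning on a zero-byte read, and a DNS name walk that
 * never reads past the buffer bound. All names and sample bytes are made up. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical receive callback: >0 bytes delivered, 0 peer closed, <0 error. */
typedef ssize_t (*recv_fn)(void *ctx, unsigned char *buf, size_t len);

/* Read exactly `need` bytes or fail. A zero return means EOF and must end the
 * loop; "loop until enough" without that check is the CVE-2022-23098 shape. */
static ssize_t recv_exact(recv_fn rx, void *ctx, unsigned char *buf, size_t need)
{
    size_t got = 0;
    while (got < need) {
        ssize_t n = rx(ctx, buf + got, need - got);
        if (n <= 0)
            return -1;                  /* closed or error: give up, do not spin */
        got += (size_t)n;
    }
    return (ssize_t)got;
}

/* DNS over TCP frames each message with a 2-byte big-endian length.
 * Returns the body length, or -1 on a short read or a body larger than `cap`. */
static ssize_t read_tcp_reply(recv_fn rx, void *ctx, unsigned char *out, size_t cap)
{
    unsigned char hdr[2];
    if (recv_exact(rx, ctx, hdr, sizeof hdr) < 0)
        return -1;
    size_t body = ((size_t)hdr[0] << 8) | hdr[1];
    if (body > cap)
        return -1;                      /* reject rather than silently truncate */
    if (recv_exact(rx, ctx, out, body) < 0)
        return -1;
    return (ssize_t)body;
}

/* Encoded length of the wire-format name at buf[off], checking every label
 * against `len`. Returns the length including the terminator (or the 2-byte
 * compression pointer), or -1 if truncated or malformed. A strnlen-style scan
 * that trusts the label bytes is how a reply gets walked out of bounds. */
static int dns_name_len(const unsigned char *buf, size_t len, size_t off)
{
    size_t p = off;
    while (p < len) {
        unsigned char l = buf[p];
        if (l == 0)
            return (int)(p + 1 - off);
        if ((l & 0xC0) == 0xC0)         /* compression pointer ends the name */
            return (p + 2 <= len) ? (int)(p + 2 - off) : -1;
        if (l > 63)
            return -1;                  /* 0x40/0x80 label types are invalid here */
        p += 1 + (size_t)l;             /* bound is re-checked at the top of the loop */
    }
    return -1;                          /* ran off the end of the buffer */
}

/* Constructed in-memory stand-in for recv(): hands out at most `chunk` bytes per
 * call, then 0 (EOF), so the file runs offline. */
struct mem_src { const unsigned char *data; size_t len; size_t pos; size_t chunk; };

static ssize_t mem_recv(void *ctx, unsigned char *buf, size_t len)
{
    struct mem_src *s = ctx;
    size_t left = s->len - s->pos;
    if (left == 0)
        return 0;
    size_t n = len < s->chunk ? len : s->chunk;
    if (n > left)
        n = left;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return (ssize_t)n;
}

/* Feed a constructed wire buffer through read_tcp_reply two bytes at a time. */
static ssize_t parse_wire(const unsigned char *wire, size_t n)
{
    struct mem_src s = { wire, n, 0, 2 };
    unsigned char out[64];
    return read_tcp_reply(mem_recv, &s, out, sizeof out);
}

static const unsigned char ok_wire[]    = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' }; /* complete: 5 */
static const unsigned char short_wire[] = { 0x00, 0x05, 'h', 'e' };                /* peer closes early: -1 */
static const unsigned char big_wire[]   = { 0xFF, 0xFF };                          /* claims 65535 bytes: -1 */
static const unsigned char sample_name[] =
    { 3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0 }; /* www.example.com: 17 */
static const unsigned char ptr_name[] = { 0xC0, 0x0C };                              /* pointer only: 2 */

int main(void)
{
    printf("reply ok=%ld short=%ld big=%ld\n", (long)parse_wire(ok_wire, sizeof ok_wire),
           (long)parse_wire(short_wire, sizeof short_wire), (long)parse_wire(big_wire, sizeof big_wire));
    printf("name=%d cut=%d ptr=%d\n", dns_name_len(sample_name, sizeof sample_name, 0),
           dns_name_len(sample_name, 10, 0), dns_name_len(ptr_name, sizeof ptr_name, 0));
    return 0;
}
```

The two checks are deliberately boring: a zero-byte read is treated as termination rather than "try again", and every label length is compared against the caller's buffer size before the pointer advances. A real proxy would additionally cap the total name length at 255 and follow compression pointers with a hop limit, which this example leaves out.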