Vulnerabilities in Cisco Small Business routers could allow unauthenticated attackers persistent access to internal networks
Critical security bugs inherited by multiple products
via "The Daily Swig".
Want to Be an Ethical Hacker? Here's Where to Begin
By utilizing these resources, beginner hackers can find their specific passions within the cybersecurity space and eventually make their own mark in the ethical hacking profession.
via "Dark Reading".
Google Drive integration errors created SSRF flaws in multiple applications
Bug hunter earned $17k bounty for HelloSign bug
via "The Daily Swig".
CVE-2021-44983
In taocms 3.0.1, after logging in to the background, there is an arbitrary file download vulnerability in the File Management column.
via "National Vulnerability Database".
S3 Ep68: Bugs, scams, privacy… and fonts?! [Podcast + Transcript]
Latest episode – listen now!
via "Naked Security".
China-Linked Group Attacked Taiwanese Financial Firms for 18 Months
The Antlion group, also known as Pirate Panda and Tropic Trooper, has shifted to targeting mainly Taiwan, using custom backdoors against financial organizations.
via "Dark Reading".
CVE-2021-44886
In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons did not have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to.
via "National Vulnerability Database".
CVE-2021-44978
iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that leads to remote code execution.
via "National Vulnerability Database".
CVE-2021-43145
With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts.
via "National Vulnerability Database".
CVE-2021-46398
A Cross-Site Request Forgery (CSRF) vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and gain access to the filesystem via a malicious HTML webpage that is sent to the victim.
via "National Vulnerability Database".
CVE-2021-44977
In iCMS <= 8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
via "National Vulnerability Database".
Wormhole cryptotrading company turns over $340,000,000 to criminals
It was the best of blockchains, it was the worst of blockchains… as Charles Dickens might have said.
via "Naked Security".
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another.
via "Threat Post".
“Long Live Log4Shell”: CVE-2021-44228 Not Dead Yet
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what's next.
via "Threat Post".
CVE-2021-43635
A Cross-Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via the Notebook/Page name field, which allows malicious users to execute arbitrary code via crafted HTTP code in a .json file.
via "National Vulnerability Database".
CVE-2022-24260
A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.
via "National Vulnerability Database".
CVE-2022-24259
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request.
via "National Vulnerability Database".
CVE-2022-24262
The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root.
via "National Vulnerability Database".
Friday Five 2/4
Hacking North Korea, inside the Trickbot ransomware group, and more - catch up on the infosec news of the week with the Friday Five!
via "Digital Guardian".
Expert Insights: Training the Data Elephant in the AI Room
Be aware of the risk of inadvertent data exposure in machine learning systems.
via "Dark Reading".
CVE-2021-29394
Account hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user account via lack of proper authorization on the user-controlled "userID" parameter of the HTTP POST request.
via "National Vulnerability Database".