CVE-2022-21805
Read via "National Vulnerability Database".
Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.
China Suspected of News Corp Cyberespionage Attack
Read via "Threat Post".
Attackers infiltrated the media giant's network using business email compromise (BEC), showing how exposed corporate networks are to human error, while Microsoft moved to stop such attacks by blocking VBA macros in five Windows apps. Included: more ways to help stop BEC.
UK anti-encryption drive meets fierce resistance from privacy, security advocates
Read via "The Daily Swig".
Privacy campaigners sign an open letter urging the government to reconsider its E2EE stance.
Get Started on Continuous Compliance Ahead of PCI DSS v4.0
Read via "Dark Reading".
Here's what retailers and anyone else collecting payments can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.
DeepSurface Security Secures $4.5M for Business Expansion
Read via "Dark Reading".
Funding round was led by Differential Ventures, an artificial intelligence and cybersecurity seed venture fund.
InterVision Unveils Ransomware Protection as a Service
Read via "Dark Reading".
InterVision's RPaaS solution provides protection, response, and recovery in one managed service.
Salesforce DevOps Needs Guardrails
Read via "Dark Reading".
Some companies go too fast when it comes to SaaS, DevOps, and security, but smart developers and implementers will respect some basic guidelines to keep their product safe.
Microsoft blocks web installation of its own App Installer files
Read via "Naked Security".
It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.
CVE-2022-23331
Read via "National Vulnerability Database".
In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password.
CVE-2022-23340
Read via "National Vulnerability Database".
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.
Qualys Launches Context XDR
Read via "Dark Reading".
Qualys Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence.
Zero-day vulnerabilities in Nooie baby monitors could allow video feed hijack
Read via "The Daily Swig".
Unresolved vulnerabilities also create code execution risk, warns Bitdefender.
At last! Office macros from the internet to be blocked by default
Read via "Naked Security".
It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...
TOR Virtual Network Tunneling Tool 0.4.6.10
Read via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
CVE-2021-44957
Read via "National Vulnerability Database".
A global buffer overflow vulnerability exists in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. The issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) and can cause a denial of service via a crafted JPEG file.
CVE-2021-44956
Read via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. They are similar to CVE-2020-23852. The issues are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) and can cause a denial of service via a crafted JPEG file.
CVE-2021-45326
Read via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This is especially dangerous with state-altering POST requests.
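The Gitea CSRF entry above describes the general failure of accepting cookie-authenticated, state-changing API requests with nothing else to prove that the browser's user intended them. As an added illustration (not Gitea's code or its fix), the Go program below is a middleware that requires a CSRF token header whenever the only credential is a session cookie, while letting requests authenticated by an Authorization header through, since a cross-site page can make the browser attach the cookie but cannot add that header without a CORS preflight the server does not approve. The cookie name, the token values and the /api/v1/user/keys route are constructed for the example; requests are replayed with Go's net/http/httptest so it runs without a socket.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed credentials for the example; a real service issues the session
// cookie and a per-session CSRF token at login and stores API tokens hashed.
const (
	validSession = "sess-0123"
	validCSRF    = "csrf-abcd"
	validBearer  = "tok-9f8e"
)

func ctEqual(a, b string) bool {
	return subtle.ConstantTimeCompare([]byte(a), []byte(b)) == 1
}

// requireCSRFForCookieAuth authenticates the request and, when the only
// credential is the browser-attached session cookie, demands a CSRF token in
// a custom header on every non-safe method. A cross-site page can make the
// browser send the cookie, but cannot add X-Csrf-Token or Authorization
// without a CORS preflight the server does not approve.
func requireCSRFForCookieAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		viaCookie := false
		if auth := r.Header.Get("Authorization"); auth != "" {
			if !ctEqual(auth, "token "+validBearer) {
				http.Error(w, "bad token", http.StatusUnauthorized)
				return
			}
		} else {
			c, err := r.Cookie("session")
			if err != nil || !ctEqual(c.Value, validSession) {
				http.Error(w, "unauthenticated", http.StatusUnauthorized)
				return
			}
			viaCookie = true
		}
		safe := r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions
		if viaCookie && !safe && !ctEqual(r.Header.Get("X-Csrf-Token"), validCSRF) {
			http.Error(w, "missing or invalid CSRF token", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// apiHandler is a stand-in for an API router with one state-changing route.
func apiHandler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/v1/user/keys", func(w http.ResponseWriter, r *http.Request) {
		if r.Method == http.MethodPost {
			w.WriteHeader(http.StatusCreated) // would store the submitted SSH key
			return
		}
		w.WriteHeader(http.StatusOK) // would list the user's keys
	})
	return requireCSRFForCookieAuth(mux)
}

// statusFor replays one request through the protected router and returns the
// status code, so each scenario can be checked without a listening socket.
func statusFor(method, target string, headers map[string]string, cookie string) int {
	req := httptest.NewRequest(method, target, nil)
	for k, v := range headers {
		req.Header.Set(k, v)
	}
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: cookie})
	}
	rec := httptest.NewRecorder()
	apiHandler().ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("cookie only, POST   ->", statusFor("POST", "/api/v1/user/keys", nil, validSession))
	fmt.Println("cookie + CSRF, POST ->", statusFor("POST", "/api/v1/user/keys", map[string]string{"X-Csrf-Token": validCSRF}, validSession))
	fmt.Println("bearer token, POST  ->", statusFor("POST", "/api/v1/user/keys", map[string]string{"Authorization": "token " + validBearer}, ""))
}
```

The exemption for safe methods only holds if handlers really do not mutate state on GET; a GET route that performs an action is CSRF-able regardless of this middleware.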
CVE-2021-44864
Read via "National Vulnerability Database".
TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to buffer overflow. Authenticated attackers can crash the router's httpd service via a /userRpm/PingIframeRpm.htm request that contains a redundant "&" in a parameter.
CVE-2022-0510
Read via "National Vulnerability Database".
Reflected cross-site scripting (XSS) in Packagist pimcore/pimcore prior to 10.3.1.
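Both reflected-XSS entries above (CVE-2022-21805 in an attachment's file name, CVE-2022-0510 in pimcore) come down to untrusted input landing in HTML without context-aware escaping. The following Go program is an added example and is not code from php_mailform or Pimcore, nor their fixes: it shows a naive confirmation page that concatenates an upload's file name, the same page rendered through html/template, and a conservative file-name sanitiser for the copy that gets stored, logged or forwarded. The payload string evilName and the sample path are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"path"
	"strings"
	"unicode"
)

// Constructed attacker-controlled attachment name (not taken from any report).
const evilName = `report.pdf"><script>alert(document.cookie)</script>`

// vulnerableConfirm mirrors the pattern behind this bug class: the uploaded
// file's name is concatenated straight into the confirmation page.
func vulnerableConfirm(filename string) string {
	return fmt.Sprintf(`<p>Attached: <span class="f">%s</span></p>`, filename)
}

var confirmTmpl = template.Must(template.New("confirm").Parse(
	`<p>Attached: <span class="f">{{.}}</span></p>`))

// hardenedConfirm renders the same markup through html/template, which
// escapes the value for the HTML text context it is interpolated into
// (quotes and angle brackets become character references).
func hardenedConfirm(filename string) (string, error) {
	var b bytes.Buffer
	if err := confirmTmpl.Execute(&b, filename); err != nil {
		return "", err
	}
	return b.String(), nil
}

// sanitizeName is defence in depth for the copy that is stored, logged or
// forwarded by mail: drop directory components (either separator) and replace
// anything outside a conservative allow-list with an underscore. Output
// encoding, not this, is what stops the XSS.
func sanitizeName(name string) string {
	name = path.Base(strings.ReplaceAll(name, `\`, "/"))
	var b strings.Builder
	for _, r := range name {
		if unicode.IsLetter(r) || unicode.IsDigit(r) || strings.ContainsRune("._-", r) {
			b.WriteRune(r)
		} else {
			b.WriteByte('_')
		}
	}
	return b.String()
}

func main() {
	fmt.Println("vulnerable:", vulnerableConfirm(evilName))
	h, _ := hardenedConfirm(evilName)
	fmt.Println("hardened:  ", h)
	fmt.Println("sanitized: ", sanitizeName(`..\..\etc\pass wd.txt`))
}
```

Note that the sanitiser alone would not have been enough here: a name like `report.pdf<b>` survives as `report.pdf_b_`, but a design that relies on filtering input rather than encoding output breaks the moment a new sink (an attribute, a JavaScript string, a mail header) is added.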
CVE-2021-45328
Read via "National Vulnerability Database".
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
CVE-2021-45325
Read via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 via the OpenID URL.
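The last two Gitea entries (CVE-2021-45328, open redirect via internal URLs, and CVE-2021-45325, SSRF via the OpenID URL) are both failures to constrain a user-supplied URL before acting on it. The Go code below is an added example, not Gitea's code or its fixes: SafeRedirectPath accepts only same-site relative paths for a redirect parameter, and CheckOutboundURL vets a URL the server will fetch itself, rejecting non-HTTP schemes, embedded credentials and literal addresses in loopback, private, link-local and similar ranges. The hostnames such as openid.example.org are constructed, and the comment on CheckOutboundURL states the caveat that matters in production: a hostname must be re-checked against the addresses it resolves to at connect time.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// Ranges a server must never be tricked into contacting: loopback, RFC 1918,
// CGNAT, link-local (cloud metadata at 169.254.169.254), multicast, unspecified.
var blockedNets = mustCIDRs(
	"0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
	"172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
	"::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)

func mustCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// IPNet.Contains compares the 4-byte form for IPv4 networks, so IPv4-mapped
// IPv6 literals such as ::ffff:127.0.0.1 are caught as well.
func isPublicIP(ip net.IP) bool {
	for _, n := range blockedNets {
		if n.Contains(ip) {
			return false
		}
	}
	return true
}

// SafeRedirectPath accepts a post-login redirect target only if it is a
// same-site path: no scheme, host or userinfo, no protocol-relative "//"
// prefix, and no backslashes (browsers may normalise "/\" to "//").
func SafeRedirectPath(raw string) (string, error) {
	if raw == "" {
		return "/", nil
	}
	if strings.ContainsAny(raw, "\\\r\n") {
		return "", errors.New("redirect target contains forbidden characters")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return "", errors.New("redirect target must be a relative path")
	}
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return "", errors.New("redirect target must start with a single '/'")
	}
	return u.String(), nil
}

// CheckOutboundURL vets a user-supplied URL the server is about to fetch (an
// OpenID identifier, a webhook, an avatar). Literal IP hosts are checked against
// blockedNets; a hostname passes only syntactically here, so the same IP rules
// must be applied to every resolved address at connect time (DNS rebinding).
func CheckOutboundURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return nil, errors.New("credentials in URL not allowed")
	}
	host := strings.ToLower(u.Hostname())
	if host == "" || host == "localhost" || strings.HasSuffix(host, ".localhost") {
		return nil, errors.New("host not allowed")
	}
	if ip := net.ParseIP(host); ip != nil && !isPublicIP(ip) {
		return nil, fmt.Errorf("address %s is not publicly routable", ip)
	}
	return u, nil
}

func main() {
	for _, in := range []string{"/user/settings", "//evil.example/", "javascript:alert(1)"} {
		p, err := SafeRedirectPath(in)
		fmt.Printf("redirect %q -> %q, %v\n", in, p, err)
	}
	for _, in := range []string{"https://openid.example.org/alice", "http://169.254.169.254/latest/", "http://[::ffff:127.0.0.1]:3000/"} {
		_, err := CheckOutboundURL(in)
		fmt.Printf("fetch %q -> %v\n", in, err)
	}
}
```

The two checks are deliberately separate: a redirect target should never be an absolute URL at all, whereas an outbound fetch target must be absolute but confined to public hosts. Neither check inspects the path, so the hardened fetch still needs a timeout, a response size cap and no automatic following of redirects to an address that would have failed this check.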