🕴 Qualys Launches Context XDR 🕴
📖 Read
via "Dark Reading".
Qualys Context XDR provides the security context that operations teams need to eliminate false positives and noise by triangulating risk posture, asset criticality, and threat intelligence.
🗓️ Zero-day vulnerabilities in Nooie baby monitors could allow video feed hijack 🗓️
📖 Read
via "The Daily Swig".
Unresolved vulnerabilities also create code execution risk, warns Bitdefender
⚠ At last! Office macros from the internet to be blocked by default ⚠
📖 Read
via "Naked Security".
It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...
🛠 TOR Virtual Network Tunneling Tool 0.4.6.10 🛠
📖 Read
via "Packet Storm Security".
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
‼ CVE-2021-44957 ‼
📖 Read
via "National Vulnerability Database".
A global buffer overflow vulnerability exists in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. The issue is in the jfif_encode function at ffjpeg/src/jfif.c (line 708) and could cause a Denial of Service via a crafted jpeg file.
‼ CVE-2021-44956 ‼
📖 Read
via "National Vulnerability Database".
Two heap-based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. They are similar to CVE-2020-23852. The issues are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) and could cause a Denial of Service via a crafted jpeg file.
‼ CVE-2021-45326 ‼
📖 Read
via "National Vulnerability Database".
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous especially with state-altering POST requests.
‼ CVE-2021-44864 ‼
📖 Read
via "National Vulnerability Database".
TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash the router's httpd service via a /userRpm/PingIframeRpm.htm request which contains a redundant & in a parameter.
‼ CVE-2022-0510 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1.
‼ CVE-2021-45328 ‼
📖 Read
via "National Vulnerability Database".
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
‼ CVE-2021-45325 ‼
📖 Read
via "National Vulnerability Database".
Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL.
‼ CVE-2021-45327 ‼
📖 Read
via "National Vulnerability Database".
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code.
🕴 Cyber Terrorism Is a Growing Threat & Governments Must Take Action 🕴
📖 Read
via "Dark Reading".
With its benefits of deniability, relatively low costs, and the ability to attack from anywhere, cyber terrorism will increasingly threaten civilians everywhere.
🕴 Vulnerability Scanning Triples, Leading to Two-Thirds Fewer Flaws 🕴
📖 Read
via "Dark Reading".
Companies are scanning more applications for vulnerabilities — and more often.
❌ No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day ❌
📖 Read
via "Threat Post".
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don't delay to apply the patches, security experts said.
🕴 Get Started on Continuous Compliance Ahead of PCI DSS v4.0 🕴
📖 Read
via "Dark Reading".
Here's what retailers and anyone collecting payments can do to prepare in the time remaining before the final release of PCI DSS 4.0 this quarter.
🕴 Threat Actors Revive 20-Year-Old Tactic in Microsoft 365 Phishing Attacks 🕴
📖 Read
via "Dark Reading".
Recent attacks involving so-called "right-to-left override" spoofing aimed at Microsoft 365 users show how attackers sometimes modify and improve old methods to try and stay one step ahead of defenders.
‼ CVE-2022-21702 ‼
📖 Read
via "National Vulnerability Database".
Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user into visiting this HTML page using a specially crafted link, executing a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up their own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: a Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of the above datasource, and a specially crafted link pointing at the attacker-controlled data source must be clicked on by an authenticated user. For the plugin proxy: a Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of the above app, and a specially crafted link pointing at the attacker-controlled plugin must be clicked on by an authenticated user. For the backend plugin resource: an attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability.
‼ CVE-2022-0139 ‼
📖 Read
via "National Vulnerability Database".
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0.
🕴 Google Cuts User Account Compromises in Half With Simple Change 🕴
📖 Read
via "Dark Reading".
The online tech giant auto-enabled two-step verification for more than 150 million users, throwing up steep hurdles against scammers and attackers.
‼ CVE-2022-0522 ‼
📖 Read
via "National Vulnerability Database".
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.