CVE-2022-0527
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-com-chatwoot-chatwoot prior to 2.2.0.
CVE-2022-0526
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Maven org.webjars.npm:github-com-chatwoot-chatwoot prior to 2.2.0.
CVE-2022-0525
via "National Vulnerability Database".
Out-of-bounds Read in Homebrew mruby prior to 3.2.
CVE-2022-24694
via "National Vulnerability Database".
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.)
CVE-2022-24682
via "National Vulnerability Database".
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
FTC set to ramp up privacy and security rule-making activity in 2022
via "The Daily Swig".
Recent moves from the US government agency have laid the groundwork for significant changes to businesses' compliance obligations, writes US attorney David Oberly.
CVE-2022-0536
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8.
Ex-Gumshoe Nabs Cybercrooks with FBI Tactics
via "Threat Post".
Crane Hassold, former FBI analyst turned director of threat intel at Abnormal Security, shares stories from his covert work with cyberattackers.
MoleRats APT Flaunts New Trojan in Latest Cyberespionage Campaign
via "Threat Post".
Researchers from Proofpoint have spotted a new Middle East-targeted phishing campaign that delivers a novel malware dubbed NimbleMamba.
Cyber-attack at Vodafone Portugal knocks mobile network services offline
via "The Daily Swig".
No customer data was accessed, company claims.
Self-styled "Crocodile of Wall Street" arrested with husband over Bitcoin megaheist
via "Naked Security".
The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!
CVE-2021-46360
via "National Vulnerability Database".
Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr.
CVE-2021-46354
via "National Vulnerability Database".
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2, fixed in version 3.0, is affected by an information disclosure vulnerability in the parameter "Addr" in cmd site. The ability to send requests to other systems can allow the vulnerable server to filtrate the real IP of the web server or increase the attack surface.
CVE-2022-0538
via "National Vulnerability Database".
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
CVE-2022-0539
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14.
CVE-2021-25939
via "National Vulnerability Database".
In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost.
CVE-2021-40837
via "National Vulnerability Database".
A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of an ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine.
CVE-2022-23378
via "National Vulnerability Database".
A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The "items%5B0%5D%5Bpath%5D" parameter of a request made to /admin/allergens/edit/1 is vulnerable.
Log4j and the Role of SBOMs in Reducing Software Security Risk
via "Dark Reading".
Enterprises are spending a pittance on securing their software supply chain, which makes COTS software dangerous: vulnerabilities can be "hidden" in open source components.
Couple charged with laundering proceeds from $4.5bn Bitfinex cryptocurrency hack
via "The Daily Swig".
US investigators recover $3.6bn in digital assets.
GNU Privacy Guard 2.2.34
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.