βΌ CVE-2022-22545 βΌ
π Read
via "National Vulnerability Database".
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0183 βΌ
π Read
via "National Vulnerability Database".
Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39994 βΌ
π Read
via "National Vulnerability Database".
There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0534 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).π Read
via "National Vulnerability Database".
βΌ CVE-2022-22813 βΌ
π Read
via "National Vulnerability Database".
A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20032 βΌ
π Read
via "National Vulnerability Database".
In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS05852822.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22807 βΌ
π Read
via "National Vulnerability Database".
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)π Read
via "National Vulnerability Database".
βΌ CVE-2022-20037 βΌ
π Read
via "National Vulnerability Database".
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705.π Read
via "National Vulnerability Database".
βΌ CVE-2021-0115 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
β S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βοΈ Russian Govt. Continues Carding Shop Crackdown βοΈ
π Read
via "Krebs on Security".
Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown -- the second closure of major card fraud shops by Russian authorities in as many weeks -- comes closely behind Russia's arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next.π Read
via "Krebs on Security".
Krebs on Security
Russian Govt. Continues Carding Shop Crackdown
Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data. The crackdown -- the second closure of major card fraud shops by Russian authorities in as many weeksβ¦
β PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE β
π Read
via "Threat Post".
The plug-inβs default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said.π Read
via "Threat Post".
Threat Post
PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE
The plug-inβs default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said.
βΌ CVE-2021-45901 βΌ
π Read
via "National Vulnerability Database".
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.π Read
via "National Vulnerability Database".
π΄ Bot Marketplaces as a Source of Future Data Breaches π΄
π Read
via "Dark Reading".
Of the four bot marketplaces Cognyte analyzed, the Russian Market is the most dominant, but the others are all active, updated daily, and well-known, too.π Read
via "Dark Reading".
Dark Reading
Bot Marketplaces as a Source of Future Data Breaches
Of the four bot marketplaces Cognyte analyzed, the Russian Market is the most dominant, but the others are all active, updated daily, and well-known, too.
π΄ Data Transparency Hasn't Made Us Safer Yet. Can It Uncover Breach Causality? π΄
π Read
via "Dark Reading".
Advanced machine learning models within an XDR framework could uncover what actually causes breaches, but first we need better data transparency.π Read
via "Dark Reading".
Dark Reading
Data Transparency Hasn't Made Us Safer Yet. Can It Uncover Breach Causality?
Advanced machine learning models within an XDR framework could uncover what actually causes breaches, but first we need better data transparency.
β SAP to Give Threat Briefing on Uber-Severe βICMADβ Bugs β
π Read
via "Threat Post".
SAPβs Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.π Read
via "Threat Post".
Threat Post
SAP to Give Threat Briefing on Uber-Severe βICMADβ Bugs
SAPβs Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more.
π nfstream 6.4.1 π
π Read
via "Packet Storm Security".
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.π Read
via "Packet Storm Security".
Packetstormsecurity
nfstream 6.4.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-24111 βΌ
π Read
via "National Vulnerability Database".
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known.π Read
via "National Vulnerability Database".
ποΈ Ransomware surge prompts joint NCSC, CISA warning to safeguard systems ποΈ
π Read
via "The Daily Swig".
Weekend attacks and assaults on the software supply chain mark evolving TTPsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ransomware surge prompts joint NCSC, CISA warning to safeguard systems
Weekend attacks and assaults on the software supply chain mark evolving TTPs
π΄ Titaniam Secures $6 Million in Seed Funding π΄
π Read
via "Dark Reading".
Funding round led by Refinery Ventures, with participation from Fusion Fund and Shasta Ventures.π Read
via "Dark Reading".
Dark Reading
Titaniam Secures $6 Million in Seed Funding
Funding round led by Refinery Ventures, with participation from Fusion Fund and Shasta Ventures.
π΄ Allure Security Raises $6.8 Million Seed Funding Round π΄
π Read
via "Dark Reading".
Funding led by Gutbrain Ventures.π Read
via "Dark Reading".
Dark Reading
Allure Security Raises $6.8 Million Seed Funding Round
Funding led by Gutbrain Ventures.