🕴 Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021 🕴
📖 Read
via "Dark Reading".
Password-guessing became last year's weapon of choice, as attackers attempted to brute-force vulnerable Remote Desktop Protocol (RDP) servers, SQL databases, and SMB file shares.📖 Read
via "Dark Reading".
Dark Reading
Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021
Password-guessing became last year's weapon of choice, as attackers attempted to brute-force vulnerable Remote Desktop Protocol (RDP) servers, SQL databases, and SMB file shares.
❌ Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares ❌
📖 Read
via "Threat Post".
The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.📖 Read
via "Threat Post".
Threat Post
Decryptor Keys Published for Maze, Egregor, Sekhmet Ransomwares
The Maze gang are purportedly never going back to ransomware and have destroyed all of their ransomware source code, said somebody claiming to be the developer.
🕴 Retailers' Offboarding Procedures Leave Potential Risks 🕴
📖 Read
via "Dark Reading".
IT teams need to consider unforeseen threats to avoid violating privacy regulations and supplier contracts.📖 Read
via "Dark Reading".
Dark Reading
Retailers' Offboarding Procedures Leave Potential Risks
IT teams need to consider unforeseen threats to avoid violating privacy regulations and supplier contracts.
‼ CVE-2022-0554 ‼
📖 Read
via "National Vulnerability Database".
Use of Out-of-range Pointer Offset in Conda vim prior to 8.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44969 ‼
📖 Read
via "National Vulnerability Database".
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44970 ‼
📖 Read
via "National Vulnerability Database".
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42000 ‼
📖 Read
via "National Vulnerability Database".
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24646 ‼
📖 Read
via "National Vulnerability Database".
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameters.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24647 ‼
📖 Read
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24958 ‼
📖 Read
via "National Vulnerability Database".
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0557 ‼
📖 Read
via "National Vulnerability Database".
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24961 ‼
📖 Read
via "National Vulnerability Database".
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24959 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c.📖 Read
via "National Vulnerability Database".
🗓️ Tool trio released to protect JavaScript applications from malicious NPM packages 🗓️
📖 Read
via "The Daily Swig".
Security tools inspired by recent case where a package maintainer went rogue📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Tool trio released to protect JavaScript applications from malicious NPM packages
Security tools inspired by recent case where a package maintainer went rogue
⚠ S3 Ep69: WordPress woes, Wormhole holes, and a Microsoft change of heart [Podcast + Transcript] ⚠
📖 Read
via "Naked Security".
Latest episode - listen now!📖 Read
via "Naked Security".
Sophos News
Naked Security – Sophos News
‼ CVE-2021-30326 ‼
📖 Read
via "National Vulnerability Database".
Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30309 ‼
📖 Read
via "National Vulnerability Database".
Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30318 ‼
📖 Read
via "National Vulnerability Database".
Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35075 ‼
📖 Read
via "National Vulnerability Database".
Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile📖 Read
via "National Vulnerability Database".
‼ CVE-2021-30325 ‼
📖 Read
via "National Vulnerability Database".
Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35074 ‼
📖 Read
via "National Vulnerability Database".
Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile📖 Read
via "National Vulnerability Database".