Cybercrooks Frame Targets by Planting Fabricated Digital Evidence
via "Threat Post".
The "ModifiedElephant" threat actors are technically unimpressive, but they've evaded detection for a decade, hacking human rights advocates' systems with dusty old keyloggers and off-the-shelf RATs.
Google Paid Record $8.7 Million to Bug Hunters in 2021
via "Dark Reading".
Company's Chrome and Android technologies continued to be target-rich environments for security researchers from around the world.
CVE-2021-23555
via "National Vulnerability Database".
The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stacktraces, which can lead to execution of arbitrary code on the host machine.
CVE-2022-22766
via "National Vulnerability Database".
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.
CVE-2022-24975
via "National Vulnerability Database".
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.
CVE-2021-20001
via "National Vulnerability Database".
It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.
CVE-2020-26728
via "National Vulnerability Database".
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
via "Threat Post".
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
Aviatrix Enhances Secure Cloud Networking with Network Behavior Analytics
via "Dark Reading".
New capabilities added to Aviatrix ThreatIQ improve enterprise security posture to reduce business risk.
DDoS Attacks on a Tear in Q4 2021
via "Dark Reading".
New data from Kaspersky shows distributed denial-of-service attacks increased by more than 50% in the fourth quarter of last year compared with the third quarter.
CVE-2022-24968
via "National Vulnerability Database".
In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.
CVE-2021-46365
via "National Vulnerability Database".
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file.
CVE-2021-46361
via "National Vulnerability Database".
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
CVE-2021-46364
via "National Vulnerability Database".
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.
CVE-2021-46362
via "National Vulnerability Database".
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.
CVE-2021-46363
via "National Vulnerability Database".
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file.
CVE-2021-46366
via "National Vulnerability Database".
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
CVE-2022-23633
via "National Vulnerability Database".
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.
CVE-2022-23634
via "National Vulnerability Database".
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.
Sophos to launch new data centre in Mumbai
via "ITPro".
The cyber security company will help organisations to comply with strict data sovereignty laws and regulations
Google Cloud adds cryptomining protection following widespread exploitation
via "ITPro".
In nearly all cases of compromised Google Cloud instances, cryptomining malware was installed within 22 seconds