‼ CVE-2022-22766 ‼
📖 Read
via "National Vulnerability Database".
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24975 ‼
📖 Read
via "National Vulnerability Database".
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the "GitBleed" issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-20001 ‼
📖 Read
via "National Vulnerability Database".
It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-26728 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request.📖 Read
via "National Vulnerability Database".
❌ Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa ❌
📖 Read
via "Threat Post".
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.📖 Read
via "Threat Post".
Threat Post
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview.
🕴 Aviatrix Enhances Secure Cloud Networking with Network Behavior Analytics 🕴
📖 Read
via "Dark Reading".
New capabilities added to Aviatrix ThreatIQ improve enterprise security posture to reduce business risk.📖 Read
via "Dark Reading".
Dark Reading
Aviatrix Enhances Secure Cloud Networking with Network Behavior Analytics
New capabilities added to Aviatrix ThreatIQ improve enterprise security posture to reduce business risk.
🕴 DDoS Attacks on a Tear in Q4 2021 🕴
📖 Read
via "Dark Reading".
New data from Kaspersky shows distributed denial-of-service attacks increased by more than 50% in the fourth quarter of last year compared with the third quarter.📖 Read
via "Dark Reading".
Dark Reading
DDoS Attacks on a Tear in Q4 2021
New data from Kaspersky shows distributed denial-of-service attacks increased by more than 50% in the fourth quarter of last year compared with the third quarter.
‼ CVE-2022-24968 ‼
📖 Read
via "National Vulnerability Database".
In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46365 ‼
📖 Read
via "National Vulnerability Database".
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46361 ‼
📖 Read
via "National Vulnerability Database".
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46364 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46362 ‼
📖 Read
via "National Vulnerability Database".
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46363 ‼
📖 Read
via "National Vulnerability Database".
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46366 ‼
📖 Read
via "National Vulnerability Database".
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23633 ‼
📖 Read
via "National Vulnerability Database".
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests.This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23634 ‼
📖 Read
via "National Vulnerability Database".
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.📖 Read
via "National Vulnerability Database".
📢 Sophos to launch new data centre in Mumbai 📢
📖 Read
via "ITPro".
The cyber security company will help organisations to comply with strict data sovereignty laws and regulations📖 Read
via "ITPro".
IT PRO
Sophos to launch new data centre in Mumbai | IT PRO
The cyber security company will help organisations to comply with strict data sovereignty laws and regulations
📢 Google Cloud adds cryptomining protection following widespread exploitation 📢
📖 Read
via "ITPro".
In nearly all cases of compromised Google Cloud instances, cryptomining malware was installed within 22 seconds📖 Read
via "ITPro".
IT PRO
Google Cloud adds cryptomining protection following widespread exploitation | IT PRO
In nearly all cases of compromised Google Cloud instances, cryptomining malware was installed within 22 seconds
📢 Linux-based multi-cloud environments facing increased ransomware attacks 📢
📖 Read
via "ITPro".
VMware researchers claim not enough effort is being spent on developing countermeasures for attacks on the cloud's most popular operating system📖 Read
via "ITPro".
IT PRO
Linux-based multi-cloud environments facing increased ransomware attacks | IT PRO
VMware researchers claim not enough effort is being spent on developing countermeasures for attacks on the cloud's most popular operating system
📢 Washington State Department of Licensing hit by suspected data breach 📢
📖 Read
via "ITPro".
The DOL temporarily disabled its POLARIS system to investigate a possible breach📖 Read
via "ITPro".
IT PRO
Washington State Department of Licensing hit by suspected data breach | IT PRO
The DOL temporarily disabled its POLARIS system to investigate a possible breach
📢 Apple bug allowed iPhones to inadvertently record Siri interactions 📢
📖 Read
via "ITPro".
The flaw stored Siri recordings even if a user had opted out📖 Read
via "ITPro".
IT PRO
Apple bug allowed iPhones to inadvertently record Siri interactions | IT PRO
The flaw stored Siri recordings even if a user had opted out