CVE-2022-24968 (source: National Vulnerability Database)
In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification.

CVE-2021-46365 (source: National Vulnerability Database)
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file.

CVE-2021-46361 (source: National Vulnerability Database)
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.

CVE-2021-46364 (source: National Vulnerability Database)
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.

CVE-2021-46362 (source: National Vulnerability Database)
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.

CVE-2021-46363 (source: National Vulnerability Database)
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file.

CVE-2021-46366 (source: National Vulnerability Database)
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.

CVE-2022-23633 (source: National Vulnerability Database)
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used.

CVE-2022-23634 (source: National Vulnerability Database)
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.

Sophos to launch new data centre in Mumbai (source: ITPro)
The cyber security company will help organisations to comply with strict data sovereignty laws and regulations.

Google Cloud adds cryptomining protection following widespread exploitation (source: ITPro)
In nearly all cases of compromised Google Cloud instances, cryptomining malware was installed within 22 seconds.

Linux-based multi-cloud environments facing increased ransomware attacks (source: ITPro)
VMware researchers claim not enough effort is being spent on developing countermeasures for attacks on the cloud's most popular operating system.

Washington State Department of Licensing hit by suspected data breach (source: ITPro)
The DOL temporarily disabled its POLARIS system to investigate a possible breach.

Apple bug allowed iPhones to inadvertently record Siri interactions (source: ITPro)
The flaw stored Siri recordings even if a user had opted out.

Online Safety Bill will require porn sites to verify age of UK users (source: ITPro)
However, internet users are concerned the proposal will threaten online privacy and open new opportunities for blackmail.

Building IT antibodies to fight future shocks (source: ITPro)
As enterprises look towards their post-COVID futures, they must ensure their IT systems are robust, secure, and resilient.

Google claims default 2FA reduced account breaches by 50% (source: ITPro)
The auto-enabled security mechanism was first introduced late last year.

US seizes record $3.6 billion in Bitcoin from Bitfinex hack (source: ITPro)
The FBI has also arrested a married couple for allegedly conspiring to launder the stolen cryptocurrency.

US indicts Indian call center scammers (source: ITPro)
Six call centers were responsible for millions of IRS and loan fraud scams, says DoJ.

Foreign Office hit by "serious cyber security incident" (source: ITPro)
The department sought urgent assistance from its security contractor in light of the "emergency".

Microsoft's Patch Tuesday fixes 70 vulnerabilities after a troublesome January update (source: ITPro)
Microsoft will be hoping for a bug-free round of patches after admins complained of January's updates breaking more components than they fixed.