π’ DHS establishes the nationβs first Cyber Safety Review Board π’
π Read
via "ITPro".
The public-private initiative unites federal government and industry leaders to boost cyber security in the USπ Read
via "ITPro".
IT PRO
DHS establishes the nationβs first Cyber Safety Review Board | IT PRO
The public-private initiative unites federal government and industry leaders to boost cyber security in the US
π’ The top 12 password-cracking techniques used by hackers π’
π Read
via "ITPro".
Some of the most common, and most effective methods for stealing passwordsπ Read
via "ITPro".
ITPro
How do hackers get your passwords?
How do hackers get your passwords? Knowing the answer could help you keep yours safe from predatory cyber criminals
π’ IRS backtracks on facial recognition plans following backlash π’
π Read
via "ITPro".
The turnabout was prompted by privacy concerns raised by taxpayers, lawmakers, and advocacy groupsπ Read
via "ITPro".
IT PRO
IRS backtracks on facial recognition plans following backlash | IT PRO
The turnabout was prompted by privacy concerns raised by taxpayers, lawmakers, and advocacy groups
π’ Why software alone wonβt solve the security crisis π’
π Read
via "ITPro".
The shift to remote working and emerging cyber threats have the potential to create a perfect storm. Endpoint security requires a new approachπ Read
via "ITPro".
IT PRO
Why software alone wonβt solve the security crisis | IT PRO
The shift to remote working and emerging cyber threats have the potential to create a perfect storm. Endpoint security requires a new approach
π’ China-backed hackers linked to News Corp cyber attack π’
π Read
via "ITPro".
Journalists at high-profile media organisations such as the Wall Street Journal and The Times were targeted in the attack linked to espionage activityπ Read
via "ITPro".
IT PRO
China-backed hackers linked to News Corp cyber attack | IT PRO
Journalists at high-profile media organisations such as the Wall Street Journal and The Times were targeted in the attack linked to espionage activity
π’ FBI warns of "sophisticated" LockBit 2.0 ransomware π’
π Read
via "ITPro".
Bureau warns of fast, automated organization-wide encryption capabilityπ Read
via "ITPro".
IT PRO
FBI warns of "sophisticated" LockBit 2.0 ransomware | IT PRO
Bureau warns of fast, automated organization-wide encryption capability
β Apple zero-day drama for Macs, iPhones and iPads β patch now! β
π Read
via "Naked Security".
Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-0308 βΌ
π Read
via "National Vulnerability Database".
Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25014 βΌ
π Read
via "National Vulnerability Database".
The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the ive_save_general_settings AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings which could lead to Stored Cross-Site Scripting issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0307 βΌ
π Read
via "National Vulnerability Database".
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0212 βΌ
π Read
via "National Vulnerability Database".
The SpiderCalendar WordPress plugin through 1.5.65 does not sanitise and escape the callback parameter before outputting it back in the page via the window AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0575 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-25018 βΌ
π Read
via "National Vulnerability Database".
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored XSS issuesπ Read
via "National Vulnerability Database".
βΌ CVE-2021-44879 βΌ
π Read
via "National Vulnerability Database".
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0300 βΌ
π Read
via "National Vulnerability Database".
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45444 βΌ
π Read
via "National Vulnerability Database".
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0291 βΌ
π Read
via "National Vulnerability Database".
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0200 βΌ
π Read
via "National Vulnerability Database".
Themify Portfolio Post WordPress plugin before 1.1.7 does not sanitise and escape the num_of_pages parameter before outputting it back the response of the themify_create_popup_page_pagination AJAX action (available to any authenticated user), leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-22765 βΌ
π Read
via "National Vulnerability Database".
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0176 βΌ
π Read
via "National Vulnerability Database".
The PowerPack Lite for Beaver Builder WordPress plugin before 1.2.9.3 does not sanitise and escape the tab parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scriptingπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0302 βΌ
π Read
via "National Vulnerability Database".
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.π Read
via "National Vulnerability Database".