βΌ CVE-2022-24295 βΌ
π Read
via "National Vulnerability Database".
Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44141 βΌ
π Read
via "National Vulnerability Database".
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0564 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23984 βΌ
π Read
via "National Vulnerability Database".
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).π Read
via "National Vulnerability Database".
βΌ CVE-2022-22308 βΌ
π Read
via "National Vulnerability Database".
IBM Planning Analytics 2.0 is vulnerable to a Remote File Include (RFI) attack. User input could be passed into file include commands and the web application could be tricked into including remote files with malicious code. IBM X-Force ID: 216891.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4115 βΌ
π Read
via "National Vulnerability Database".
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawnedπ Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-24564 βΌ
π Read
via "National Vulnerability Database".
Checkmk <=2.0.0p19 contains a Cross Site Scripting (XSS) vulnerability. While creating or editing a user attribute, the Help Text is subject to HTML injection, which can be triggered for editing a user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0676 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in NPM radare2.js prior to 5.6.4.π Read
via "National Vulnerability Database".
β NFT Investors Lose $1.7M in OpenSea Phishing Attack β
π Read
via "Threat Post".
Attackers took advantage of a smart-contract migration to swindle 17 users.π Read
via "Threat Post".
Threat Post
NFT Investors Lose $1.7M in OpenSea Phishing Attack
Attackers took advantage of a smart-contract migration to swindle 17 users.
ποΈ Jaw-dropping Coinbase security bug allowed users to steal unlimited cryptocurrency ποΈ
π Read
via "The Daily Swig".
Researcher nets $250,000 for βpotentially market-nukingβ vulnerabilityπ Read
via "The Daily Swig".
π₯3π1
π΄ Hidden Costs of a Data Breach π΄
π Read
via "Dark Reading".
Don't consider just the initial costs. Hidden factors include remediation, revenue loss, reputational harm, national security β even human life.π Read
via "Dark Reading".
Dark Reading
Hidden Costs of a Data Breach
Don't consider just the initial costs. Hidden factors include remediation, revenue loss, reputational harm, national security β even human life.
ποΈ AirTag clone bypassed Appleβs tracking-protection features, claims researcher ποΈ
π Read
via "The Daily Swig".
Third-party app allegedly outperforms Find My service by detecting the DIY deviceπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
AirTag clone bypassed Appleβs tracking-protection features, claims researcher
Third-party app allegedly outperforms Find My service by detecting the DIY device
π1
βοΈ Report: Missouri Governorβs Office Responsible for Teacher Data Leak βοΈ
π Read
via "Krebs on Security".
Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say theyβ¦ Read More Β»π Read
via "Krebs on Security".
β French speakers blasted by sextortion scams with no text or links β
π Read
via "Naked Security".
You'd spot this one a mile away... but what about your friends or family?π Read
via "Naked Security".
Naked Security
French speakers blasted by sextortion scams with no text or links
Youβd spot this one a mile awayβ¦ but what about your friends or family?
βΌ CVE-2022-0665 βΌ
π Read
via "National Vulnerability Database".
Path Traversal in GitHub repository pimcore/pimcore prior to 10.3.2.π Read
via "National Vulnerability Database".
π I2P 1.7.0 π
π Read
via "Packet Storm Security".
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.π Read
via "Packet Storm Security".
Packetstormsecurity
I2P 1.7.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β WordPress backup plugin maker Updraft says βYou should updateββ¦ β
π Read
via "Naked Security".
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!π Read
via "Naked Security".
Naked Security
WordPress backup plugin maker Updraft says βYou should updateββ¦
A straight-talking bug report written in plain English by an actual expert β thereβs a teachable moment in this cybersecurity story!
βοΈ IRS: Selfies Now Optional, Biometric Data to Be Deleted βοΈ
π Read
via "Krebs on Security".
The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interview with ID.me, the privately-held Virginia company that runs the agency's identity proofing system. The IRS also said any biometric data already shared with ID.me would be permanently deleted over the next few weeks, and any biometric data provided for new signups will be destroyed after an account is created.π Read
via "Krebs on Security".
Krebsonsecurity
IRS: Selfies Now Optional, Biometric Data to Be Deleted
The U.S. Internal Revenue Service (IRS) said Monday that taxpayers are no longer required to provide facial scans to create an account online at irs.gov. In lieu of providing biometric data, taxpayers can now opt for a live video interviewβ¦
π1
β Xenomorph Malware Burrows into Google Play Users, No Facehugger Required β
π Read
via "Threat Post".
Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.π Read
via "Threat Post".
Threat Post
Xenomorph Malware Burrows into Google Play Users, No Facehugger Required
Researchers discovered a new, modular banking trojan with ties to Cerberus and Alien that has the capability to become a much larger threat than it is now.
βΌ CVE-2021-46162 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048)π Read
via "National Vulnerability Database".
βΌ CVE-2022-0712 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.4.π Read
via "National Vulnerability Database".