β WordPress backup plugin maker Updraft says βYou should updateββ¦ β
π Read
via "Naked Security".
A straight-talking bug report written in plain English by an actual expert - there's a teachable moment in this cybersecurity story!π Read
via "Naked Security".
Naked Security
WordPress backup plugin maker Updraft says βYou should updateββ¦
A straight-talking bug report written in plain English by an actual expert β thereβs a teachable moment in this cybersecurity story!
β Apple AirTag anti-stalking protection bypassed by researchers β
π Read
via "Naked Security".
Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.π Read
via "Naked Security".
Naked Security
Apple AirTag anti-stalking protection bypassed by researchers
Problems with Appleβs Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.
βΌ CVE-2022-20625 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Cisco Discovery Protocol service of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the service to restart, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of Cisco Discovery Protocol messages that are processed by the Cisco Discovery Protocol service. An attacker could exploit this vulnerability by sending a series of malicious Cisco Discovery Protocol messages to an affected device. A successful exploit could allow the attacker to cause the Cisco Discovery Protocol service to fail and restart. In rare conditions, repeated failures of the process could occur, which could cause the entire device to restart.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20650 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an authenticated, remote attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation of user supplied data that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP POST request to the NX-API of an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system. Note: The NX-API feature is disabled by default.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0476 βΌ
π Read
via "National Vulnerability Database".
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20623 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the rate limiter for Bidirectional Forwarding Detection (BFD) traffic of Cisco NX-OS Software for Cisco Nexus 9000 Series Switches could allow an unauthenticated, remote attacker to cause BFD traffic to be dropped on an affected device. This vulnerability is due to a logic error in the BFD rate limiter functionality. An attacker could exploit this vulnerability by sending a crafted stream of traffic through the device. A successful exploit could allow the attacker to cause BFD traffic to be dropped, resulting in BFD session flaps. BFD session flaps can cause route instability and dropped traffic, resulting in a denial of service (DoS) condition. This vulnerability applies to both IPv4 and IPv6 traffic.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20624 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the Cisco Fabric Services over IP (CFSoIP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of incoming CFSoIP packets. An attacker could exploit this vulnerability by sending crafted CFSoIP packets to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.π Read
via "National Vulnerability Database".
π΄ CISA Warns of New Malware Framework Used by Russian 'Sandworm' Hacking Team π΄
π Read
via "Dark Reading".
Russian General Staff Main Intelligence Directorate (GRU) hacking team appears to have swapped its VPNFilter malware platform for the so-called Cyclops Blink malware framework.π Read
via "Dark Reading".
Dark Reading
CISA Warns of New Malware Framework Used by Russian 'Sandworm' Hacking Team
Russian General Staff Main Intelligence Directorate (GRU) hacking team appears to have swapped its VPNFilter malware platform for the so-called Cyclops Blink malware framework.
π΄ Tales from the Dark Web, Part 3: How Criminals Monetize Ransomware π΄
π Read
via "Dark Reading".
Ransomware operators rely on cryptocurrency and other payment schemes to keep their activities under the radar and harder to trace.π Read
via "Dark Reading".
Dark Reading
Tales from the Dark Web, Part 3: How Criminals Monetize Ransomware
Ransomware operators rely on cryptocurrency and other payment schemes to keep their activities under the radar and harder to trace.
π΄ What Does Least Privilege Access Mean for Cloud Security? π΄
π Read
via "Dark Reading".
While traditional security controls are necessary at the perimeter, organizations also need to prevent malicious privileged access.π Read
via "Dark Reading".
Dark Reading
What Does Least Privilege Access Mean for Cloud Security?
While traditional security controls are necessary at the perimeter, organizations also need to prevent malicious privileged access.
π Fraud Cost Americans $5.8 Billion in 2021 π
π Read
via "".
Americans lost more than 70% more to fraud last year than the year before, proof that tactics used by scammers from the early days of the pandemic are still working.π Read
via "".
βΌ CVE-2022-22336 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling External Authentication Server and IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 could allow a remote user to consume resources causing a denial of service due to a resource leak. IBM X-Force ID: 219395.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4070 βΌ
π Read
via "National Vulnerability Database".
Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21705 βΌ
π Read
via "National Vulnerability Database".
Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22333 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling Secure Proxy 6.0.3.0, 6.0.2.0, and 3.4.3.2 and IBM Sterling External Authentication Server are vulnerable a buffer overflow, due to the Jetty based GUI in the Secure Zone not properly validating the sizes of the form content and/or HTTP headers submitted. A local attacker positioned inside the Secure Zone could submit a specially crafted HTTP request to disrupt service. IBM X-Force ID: 219133.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0731 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.π Read
via "National Vulnerability Database".
β Samsung Shattered Encryption on 100M Phones β
π Read
via "Threat Post".
One cryptography expert said that 'serious flaws' in the way Samsung phones encrypt sensitive material, as revealed by academics, are 'embarrassingly bad.'π Read
via "Threat Post".
Threat Post
Samsung Shattered Encryption on 100M Phones
'Serious flaws' in the way Samsung phones encrypt sensitive material, as revealed by academics from Tel Aviv U, are 'embarrassingly bad.'
βΌ CVE-2022-24409 βΌ
π Read
via "National Vulnerability Database".
Only customers with active BSAFE maintenance contracts can receive details about this vulnerability. Public disclosure of the vulnerability details will be shared at a later date.π Read
via "National Vulnerability Database".
π΄ Cloud Storage Leaks Grew by 150% in 2021, New CybelAngel Report Reveals π΄
π Read
via "Dark Reading".
An increase in outsourced development projects also led to a 66% increase in source code leaks.π Read
via "Dark Reading".
Dark Reading
Cloud Storage Leaks Grew by 150% in 2021, New CybelAngel Report Reveals
An increase in outsourced development projects also led to a 66% increase in source code leaks.
π΄ Darktrace Acquires Attack Surface Management Company Cybersprint π΄
π Read
via "Dark Reading".
Through this acquisition, Darktrace gains a second European R&D centre in The Hague, Netherlands.π Read
via "Dark Reading".
Dark Reading
Darktrace Acquires Attack Surface Management Company Cybersprint
Through this acquisition, Darktrace gains a second European R&D centre in The Hague, Netherlands.
βΌ CVE-2022-23653 βΌ
π Read
via "National Vulnerability Database".
B2 Command Line Tool is the official command line tool for the backblaze cloud storage service. Linux and Mac releases of the B2 command-line tool version 3.2.0 and below contain a key disclosure vulnerability that, in certain conditions, can be exploited by local attackers through a time-of-check-time-of-use (TOCTOU) race condition. The command line tool saves API keys (and bucket name-to-id mapping) in a local database file (`$XDG_CONFIG_HOME/b2/account_info`, `~/.b2_account_info` or a user-defined path) when `b2 authorize-account` is first run. This happens regardless of whether a valid key is provided or not. When first created, the file is world readable and is (typically a few milliseconds) later altered to be private to the user. If the directory is readable by a local attacker and the user did not yet run `b2 authorize-account` then during the brief period between file creation and permission modification, a local attacker can race to open the file and maintain a handle to it. This allows the local attacker to read the contents after the file after the sensitive information has been saved to it. Users that have not yet run `b2 authorize-account` should upgrade to B2 Command-Line Tool v3.2.1 before running it. Users that have run `b2 authorize-account` are safe if at the time of the file creation no other local users had read access to the local configuration file. Users that have run `b2 authorize-account` where the designated path could be opened by another local user should upgrade to B2 Command-Line Tool v3.2.1 and remove the database and regenerate all application keys. Note that `b2 clear-account` does not remove the database file and it should not be used to ensure that all open handles to the file are invalidated. If B2 Command-Line Tool cannot be upgraded to v3.2.1 due to a dependency conflict, a binary release can be used instead. Alternatively a new version could be installed within a virtualenv, or the permissions can be changed to prevent local users from opening the database file.π Read
via "National Vulnerability Database".