ποΈ US fraudster jailed over $300k business email compromise scheme ποΈ
π Read
via "The Daily Swig".
Scheme unraveled when defendant tried to cash ill-gotten gainsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
US fraudster jailed over $300k business email compromise scheme
Scheme unraveled when defendant tried to cash ill-gotten gains
β Apple AirTag anti-stalking protection bypassed by researchers β
π Read
via "Naked Security".
Problems with Apple's Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.π Read
via "Naked Security".
Naked Security
Apple AirTag anti-stalking protection bypassed by researchers
Problems with Appleβs Tracker Detect system, which warns you of likely stalking attempts using hidden AirTags.
π΄ New York Opens Joint Security Operations Center in NYC π΄
π Read
via "Dark Reading".
The "first-in-nation" cyber command center will provide municipal and local governments with threat intelligence and resources to defend themselves against cyberattacks.π Read
via "Dark Reading".
Dark Reading
New York Opens Joint Security Operations Center in NYC
The "first-in-nation" cyber command center will provide municipal and local governments with threat intelligence and resources to defend themselves against cyberattacks.
π1
β The Art of Non-boring Cybersec TrainingβPodcast β
π Read
via "Threat Post".
With human error being the common factor in most cyberattacks, employee training has got to get better. To that end, Trustwave cybersec training expert Darren Van Booven explains the importance of fish stress balls and management buy-in.π Read
via "Threat Post".
π΄ SaaS in the Enterprise: The Good, the Bad, and the Unknown π΄
π Read
via "Dark Reading".
SaaS offers many benefits to the enterprise, but security issues left unchecked can mitigate value.π Read
via "Dark Reading".
Dark Reading
SaaS in the Enterprise: The Good, the Bad, and the Unknown
SaaS offers many benefits to the enterprise, but security issues left unchecked can mitigate value.
βΌ CVE-2022-0695 βΌ
π Read
via "National Vulnerability Database".
Denial of Service in GitHub repository radareorg/radare2 prior to 5.6.4.π Read
via "National Vulnerability Database".
β Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins β
π Read
via "Threat Post".
A targeted phishing attack takes aim at a major U.S. payments company.π Read
via "Threat Post".
Threat Post
Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins
A targeted phishing attack takes aim at a major U.S. payments company.
ποΈ Data wiper deployed in cyber-attacks targeting Ukrainian systems ποΈ
π Read
via "The Daily Swig".
Newly named βHermeticWiperβ malware discovered on hundreds of endpointsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Data wiper deployed in cyber-attacks targeting Ukrainian systems
Newly named βHermeticWiperβ malware discovered on hundreds of endpoints
π€―1
π΄ JupiterOne Unveils Starbase for Graph-Based ο»ΏSecurity π΄
π Read
via "Dark Reading".
The open source asset management tool lets security analysts collect asset information all across the organization's digital operations and run queries to understand their relationships.π Read
via "Dark Reading".
Dark Reading
JupiterOne Unveils Starbase for Graph-Based ο»ΏSecurity
The open source asset management tool lets security analysts collect asset information all across the organization's digital operations and run queries to understand their relationships.
π Packet Fence 11.2.0 π
π Read
via "Packet Storm Security".
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.π Read
via "Packet Storm Security".
Packetstormsecurity
Packet Fence 11.2.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Web Filtering and Compliances for Wi-Fi Providers β
π Read
via "Threat Post".
Demand for public Wi-Fi is on the rise. Usually free of charge, but there is a risk of expensive losses. Learn ways to protect yourself from cyber-threats.π Read
via "Threat Post".
Threat Post
Web Filtering and Compliances for Wi-Fi Providers
The demand for public Wi-Fi is increasing constantly due to the increase of smartphone owners and remote workers. Researchers at VPNMentor say that there are approximately 549 million Wi-Fi hotspots worldwide. Another survey by Semantic found that 87 percentβ¦
π΄ Illusive Launches Identity Risk Management Platform π΄
π Read
via "Dark Reading".
Illusive Spotlight automatically and continuously discovers and mitigates privileged identity risks, while Illusive Shadow protects against identity risks that can't be readily remediated.π Read
via "Dark Reading".
Dark Reading
Illusive Launches Identity Risk Management Platform
Illusive Spotlight automatically and continuously discovers and mitigates privileged identity risks, while Illusive Shadow protects against identity risks that can't be readily remediated.
π΄ Businesses Are at Significant Risk of Cybersecurity Breaches Due to Immature Security Hygiene and Posture Management Practices π΄
π Read
via "Dark Reading".
Seven out of 10 organizations experienced a cyberattack that started through the exploit of unknown or poorly managed technology assets, according to Enterprise Strategy Group research.π Read
via "Dark Reading".
Dark Reading
Businesses Are at Significant Risk of Cybersecurity Breaches Due to Immature Security Hygiene and Posture Management Practices
Seven out of 10 organizations experienced a cyberattack that started through the exploit of unknown or poorly managed technology assets, according to Enterprise Strategy Group research.
βΌ CVE-2022-24633 βΌ
π Read
via "National Vulnerability Database".
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability exists in the parameter "path" passing "/SHARED/<username>". A malicious actor could identify the existence of users by requesting share information on specified share paths.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24599 βΌ
π Read
via "National Vulnerability Database".
In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25084 βΌ
π Read
via "National Vulnerability Database".
TOTOLink T6 V5.9c.4085_B20190428 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24620 βΌ
π Read
via "National Vulnerability Database".
Piwigo version 12.2.0 is vulnerable to stored cross-site scripting (XSS), which can lead to privilege escalation. In this way, admin can steal webmaster's cookies to get the webmaster's access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24374 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.75, Ver.2.9.x series versions prior to Ver.2.9.40, Ver.2.10.x series versions prior to Ver.2.10.44, Ver.2.11.x series versions prior to Ver.2.11.42, and Ver.3.0.x series versions prior to Ver.3.0.1 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. This vulnerability is different from CVE-2022-23916.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25079 βΌ
π Read
via "National Vulnerability Database".
TOTOLink A810R V4.1.2cu.5182_B20201026 was discovered to contain a command injection vulnerability in the "Main" function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24614 βΌ
π Read
via "National Vulnerability Database".
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25355 βΌ
π Read
via "National Vulnerability Database".
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users.π Read
via "National Vulnerability Database".