βΌ CVE-2022-24343 βΌ
π Read
via "National Vulnerability Database".
In JetBrains YouTrack before 2021.4.31698, a custom logo could be set by a user who has read-only permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24336 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24344 βΌ
π Read
via "National Vulnerability Database".
JetBrains YouTrack before 2021.4.31698 was vulnerable to stored XSS on the Notification templates page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24335 βΌ
π Read
via "National Vulnerability Database".
JetBrains TeamCity before 2021.2 was vulnerable to a Time-of-check/Time-of-use (TOCTOU) race-condition attack in agent registration via XML-RPC.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24342 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2021.2.1, URL injection leading to CSRF was possible.π Read
via "National Vulnerability Database".
π΄ Top 5 Interview Questions to Ask DevOps Candidates in 2022 π΄
π Read
via "Dark Reading".
It's worthwhile to find candidates who have experience with models that embed security into their processes.π Read
via "Dark Reading".
Dark Reading
Top 5 Interview Questions to Ask DevOps Candidates in 2022
It's worthwhile to find candidates who have experience with models that embed security into their processes.
β S3 Ep71: VMware escapes, PHP holes, WP plugin woes, and scary scams [Podcast + Transcript] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Did we learn nothing from Y2K? Why are some coders still stuck on two digit numbers? β
π Read
via "Naked Security".
Calling all website coders: Y2K was then. V1H is now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β 6 Cyber-Defense Steps to Take Now to Protect Your Company β
π Read
via "Threat Post".
Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge.π Read
via "Threat Post".
Threat Post
6 Cyber-Defense Steps to Take Now to Protect Your Company
Ransomware is getting worse, but Daniel Spicer, chief security officer at Ivanti, offers a checklist for choosing defense solutions to meet the challenge.
π Friday Five 2/25 π
π Read
via "".
Ransomware hits the industrial sector, behind the scenes of stalkerware network, and more - catch up on the infosec news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 2/25
Ransomware hits the industrial sector, behind the scenes of a stalkerware network, and more - catch up on the infosec news of the week with the Friday Five!
βΌ CVE-2021-38993 βΌ
π Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the smbcd daemon to cause a denial of service. IBM X-Force ID: 212962.π Read
via "National Vulnerability Database".
βοΈ Russia Sanctions May Spark Escalating Cyber Conflict βοΈ
π Read
via "Krebs on Security".
President Biden joined European leaders this week in enacting economic sanctions against Russia in response its military invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate into cyber attacks on Western financial institutions and energy infrastructure.π Read
via "Krebs on Security".
Krebsonsecurity
Russia Sanctions May Spark Escalating Cyber Conflict
President Biden joined European leaders this week in enacting economic sanctions against Russia in response its military invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russianβ¦
β Microsoft Exchange Bugs Exploited by βCubaβ Ransomware Gang β
π Read
via "Threat Post".
The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs β including crooks' favorites, ProxyShell and ProxyLogon β as initial infection vectors.π Read
via "Threat Post".
Threat Post
Microsoft Exchange Bugs Exploited by βCubaβ Ransomware Gang
The ransomware gang known as Cuba is increasingly shifting to exploiting Exchange bugs β including crooks' favorites, ProxyShell and ProxyLogon β as initial infection vectors.
π΄ Ukrainian Troops Targeted in Phishing Attacks by Suspected Belarusian APT π΄
π Read
via "Dark Reading".
Ukraine's Computer Emergency Response Team calls out UNIC1151 nation-state hacking group out of Belarus as behind the attacks.π Read
via "Dark Reading".
Dark Reading
Ukrainian Troops Targeted in Phishing Attacks by Suspected Belarusian APT
Ukraine's Computer Emergency Response Team calls out UNIC1151 nation-state hacking group out of Belarus as behind the attacks.
βΌ CVE-2022-25061 βΌ
π Read
via "National Vulnerability Database".
TP-LINK TL-WR840N(ES)_V6.20_180709 was discovered to contain a command injection vulnerability via the component oal_setIp6DefaultRoute.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22489 βΌ
π Read
via "National Vulnerability Database".
There is a DoS vulnerability in smartphones. Successful exploitation of this vulnerability may affect service availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0615 βΌ
π Read
via "National Vulnerability Database".
Use-after-free in eset_rtp kernel module used in ESET products for Linux allows potential attacker to trigger denial-of-service condition on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25264 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22429 βΌ
π Read
via "National Vulnerability Database".
There is a memory address out of bounds in smartphones. Successful exploitation of this vulnerability may cause malicious code to be executed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25019 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-38602. Reason: This candidate is a reservation duplicate of CVE-2021-38602. Notes: All CVE users should reference CVE-2021-38602 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42952 βΌ
π Read
via "National Vulnerability Database".
All pervious versions before October 25, 2021 of Zepl Notebooks are affeced by a sandbox escape vulnerability. Upon launching Remote Code Execution from the Notebook, users can then use that to subsequently escape the running context sandbox and proceed to access internal Zepl assets including cloud metadata services.π Read
via "National Vulnerability Database".