βΌ CVE-2022-24719 βΌ
π Read
via "National Vulnerability Database".
Fluture-Node is a FP-style HTTP and streaming utils for Node based on Fluture. Using `followRedirects` or `followRedirectsWith` with any of the redirection strategies built into fluture-node 4.0.0 or 4.0.1, paired with a request that includes confidential headers such as Authorization or Cookie, exposes you to a vulnerability where, if the destination server were to redirect the request to a server on a third-party domain, or the same domain over unencrypted HTTP, the headers would be included in the follow-up request and be exposed to the third party, or potential http traffic sniffing. The redirection strategies made available in version 4.0.2 automatically redact confidential headers when a redirect is followed across to another origin. A workaround has been identified by using a custom redirection strategy via the `followRedirectsWith` function. The custom strategy can be based on the new strategies available in fluture-node@4.0.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0577 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22303 βΌ
π Read
via "National Vulnerability Database".
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiManager versions prior to 7.0.2, 6.4.7 and 6.2.9 may allow a low privileged authenticated user to gain access to the FortiGate users credentials via the config conflict file.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-22301 βΌ
π Read
via "National Vulnerability Database".
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in FortiAP-CΓ console 5.4.0 through 5.4.3, 5.2.0 through 5.2.1 may allow an authenticated attacker to execute unauthorized commands by runningΓ CLI commands with specifically crafted arguments.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44166 βΌ
π Read
via "National Vulnerability Database".
An improper access control vulnerability [CWE-284 ] in FortiToken MobileΓ (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtainedΓ a user's password to access the protected system during the 2FA procedure, even thoughΓ theΓ deny button is clicked by the legitimate user.π Read
via "National Vulnerability Database".
ποΈ Remote code execution vulnerability uncovered in Hashnode blogging platform ποΈ
π Read
via "The Daily Swig".
A local file coding error could be exploited to trigger RCEπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Remote code execution vulnerability uncovered in Hashnode blogging platform
A local file coding error could be exploited to trigger RCE
βΌ CVE-2022-23395 βΌ
π Read
via "National Vulnerability Database".
jQuery Cookie 1.4.1 is affected by parameter pollution, which can lead to DOM cross-site scripting (XSS).π Read
via "National Vulnerability Database".
βΌ CVE-2022-0829 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0824 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.π Read
via "National Vulnerability Database".
π1
π’ IT Pro News In Review: UK likely to pay ransom, OnwardMobility shuts, and Russia blamed for hacks π’
π Read
via "ITPro".
Catch up on the biggest headlines of the week in just two minutesπ Read
via "ITPro".
IT PRO
IT Pro News In Review: UK likely to pay ransom, OnwardMobility shuts, and Russia blamed for hacks
Catch up on the biggest headlines of the week in just two minutes
π’ Conti ransomware gang data leaked by Ukrainian cyber researcher π’
π Read
via "ITPro".
The data includes internal chat logs between members and affiliates of the group, unveiling their personal details, conflicts, and accusationsπ Read
via "ITPro".
IT PRO
Conti ransomware gang data leaked by Ukrainian cyber researcher | IT PRO
The data includes internal chat logs between members and affiliates of the group, unveiling their personal details, conflicts, and accusations
π’ Hacking group leaks Nvidia data following alleged ransomware attack π’
π Read
via "ITPro".
LAPSU$ claims to have released Nvidia source code and highly confidential GPU driver dataπ Read
via "ITPro".
IT PRO
Hacking group leaks Nvidia data following alleged ransomware attack | IT PRO
LAPSU$ claims to have released Nvidia source code and highly confidential GPU driver data
π’ Russian cyber attacks on Ukraine: What we know so far π’
π Read
via "ITPro".
A score of additional attacks on the Ukrainian government and other critical services have been reported this week, as Russia officially declares war on the countryπ Read
via "ITPro".
IT Pro
Russian cyber attacks on Ukraine: What we know so far
The conflict between Russia and Ukraine has set the tone for all future wars, and the cyber attacks observed throughout will provide a how-to guide on handling simultaneous cyber and kinetic warfare
ποΈ Ukraine invasion: WordPress-hosted university websites hacked in βtargeted attacksβ ποΈ
π Read
via "The Daily Swig".
Education institutions hit by more than 100,000 attacks in 24 hoursπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Ukraine invasion: WordPress-hosted university websites hacked in βtargeted attacksβ
Education institutions hit by more than 100,000 attacks in 24 hours
π΄ Reduce Risk With Better Cyber Due Diligence π΄
π Read
via "Dark Reading".
Done incorrectly, due diligence can result in slower integration of assets, which increases acquisition costs associated and could reduce expected gains.π Read
via "Dark Reading".
Dark Reading
Reduce Risk With Better Cyber Due Diligence
Done incorrectly, due diligence can result in slower integration of assets, which increases acquisition costs associated and could reduce expected gains.
π΄ NeuraLegion Rebrands as Bright Security π΄
π Read
via "Dark Reading".
Also announces $20 million Series A funding round led by Evolution Equity Partners.π Read
via "Dark Reading".
Dark Reading
NeuraLegion Rebrands as Bright Security
Also announces $20 million Series A funding round led by Evolution Equity Partners.
β Ransomware with a difference: βDerestrict your software, or else!β β
π Read
via "Naked Security".
"Change your code to improve cryptomining"... or we'll dump 1TB of stolen secrets.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-0819 βΌ
π Read
via "National Vulnerability Database".
Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24306 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25634 βΌ
π Read
via "National Vulnerability Database".
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23779 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone. The internal hostname can be discovered by reading HTTP redirect responses.π Read
via "National Vulnerability Database".