π GRAudit Grep Auditing Tool 3.4 π
π Read
via "Packet Storm Security".
Graudit is a simple script and signature sets that allows you to find potential security flaws in source code using the GNU utility, grep. It's comparable to other static analysis applications like RATS, SWAAT, and flaw-finder while keeping the technical requirements to a minimum and being very flexible.π Read
via "Packet Storm Security".
Packetstormsecurity
GRAudit Grep Auditing Tool 3.4 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ 3 Ways to Expand Gender Diversity in Cybersecurity π΄
π Read
via "Dark Reading".
Why this is important: A business that surrounds itself with the same kind of people who work on the same projects will not generate new or original ideas.π Read
via "Dark Reading".
Dark Reading
3 Ways to Expand Gender Diversity in Cybersecurity
Why this is important: A business that surrounds itself with the same kind of people who work on the same projects will not generate new or original ideas.
π1
βοΈ Conti Ransomware Group Diaries, Part II: The Office βοΈ
π Read
via "Krebs on Security".
Earlier this week, a Ukrainian security researcher leaked almost two yearsβ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesdayβs story examined how Conti dealt with its own internal breaches and attacks from private security firms and governments. In Part II of this series weβll explore what itβs like to work for Conti, as described by the Conti employees themselves.π Read
via "Krebs on Security".
Krebs on Security
Conti Ransomware Group Diaries, Part II: The Office
Earlier this week, a Ukrainian security researcher leaked almost two yearsβ worth of internal chat logs from Conti, one of the more rapacious and ruthless ransomware gangs in operation today. Tuesdayβs story examined how Conti dealt with its own internalβ¦
π1
π΄ Protecting Field Programmable Gate Arrays From Attacks π΄
π Read
via "Dark Reading".
FPGAs can be part of physical systems in the aerospace, medical, or industrial fields, so a security compromise can be potentially serious.π Read
via "Dark Reading".
Dark Reading
Protecting Field Programmable Gate Arrays From Attacks
FPGAs can be part of physical systems in the aerospace, medical, or industrial fields, so a security compromise can be potentially serious.
βΌ CVE-2022-25016 βΌ
π Read
via "National Vulnerability Database".
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /student_attendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-43070 βΌ
π Read
via "National Vulnerability Database".
Multiple relative path traversal vulnerabilities [CWE-23] in FortiWLM management interface 8.6.2 and below, 8.5.2 and below, 8.4.2 and below, 8.3.3 and below, 8.2.2 may allow an authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22350 βΌ
π Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38996 βΌ
π Read
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.π Read
via "National Vulnerability Database".
π΄ Companies' Code Leaking More Passwords and Secrets π΄
π Read
via "Dark Reading".
Software code pushed to online code repositories exposed twice as many secrets compared to last year, putting organizations' security at risk.π Read
via "Dark Reading".
Dark Reading
Companies' Code Leaking More Passwords and Secrets
Software code pushed to online code repositories exposed twice as many secrets compared to last year, putting organizations' security at risk.
π Senate Passes Act That Would Require Disclosing Cyberattacks π
π Read
via "".
The Senate has passed legislation that among other requirements, would require critical infrastructure entities to report to the federal government when they are hacked.π Read
via "".
Digital Guardian
Senate Passes Act That Would Require Disclosing Cyberattacks
The Senate has passed legislation that among other requirements, would require critical infrastructure entities to report to the federal government when they are hacked.
π΄ Researchers Devise Attack for Stealing Data During Homomorphic Encryption π΄
π Read
via "Dark Reading".
A vulnerability in a Microsoft crypto library gives attackers a way to figure out what data is being encrypted in lockpicker-like fashion.π Read
via "Dark Reading".
Dark Reading
Researchers Devise Attack for Stealing Data During Homomorphic Encryption
A vulnerability in a Microsoft crypto library gives attackers a way to figure out what data is being encrypted in lockpicker-like fashion.
βΌ CVE-2021-38268 βΌ
π Read
via "National Vulnerability Database".
The Dynamic Data Mapping module in Liferay Portal through v7.3.6 and Liferay DXP through v7.3 incorrectly sets default permissions for site members, allowing authenticated attackers to add and duplicate forms via the UI or the API.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23878 βΌ
π Read
via "National Vulnerability Database".
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23640 βΌ
π Read
via "National Vulnerability Database".
Excel-Streaming-Reader is an easy-to-use implementation of a streaming Excel reader using Apache POI. Prior to xlsx-streamer 2.1.0, the XML parser that was used did apply all the necessary settings to prevent XML Entity Expansion issues. Upgrade to version 2.1.0 to receive a patch. There is no known workaround.π Read
via "National Vulnerability Database".
π΄ 7 Ways to Secure Collaboration Tools in Your Organization π΄
π Read
via "Dark Reading".
The push to embrace Slack, Teams, and Zoom at work comes with new security risks for organizations.π Read
via "Dark Reading".
Dark Reading
7 Ways to Secure Collaboration Tools in Your Organization
The push to embrace Slack, Teams, and Zoom at work comes with new security risks for organizations.
π1
β TeaBot Trojan Haunts Google Play Store, Again β
π Read
via "Threat Post".
Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.π Read
via "Threat Post".
Threat Post
TeaBot Trojan Haunts Google Play Store, Again
Malicious Google Play apps have circumvented censorship by hiding trojans in software updates.
βΌ CVE-2022-23958 βΌ
π Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41001 βΌ
π Read
via "National Vulnerability Database".
An authenticated remote code execution vulnerability was discovered in the AOS-CX Network Analytics Engine (NAE) in Aruba CX 6200F Switch Series, Aruba 6300 Switch Series, Aruba 6400 Switch Series, Aruba 8320 Switch Series, Aruba 8325 Switch Series, Aruba 8400 Switch Series, Aruba CX 8360 Switch Series version(s): AOS-CX 10.07.xxxx: 10.07.0050 and below, AOS-CX 10.08.xxxx: 10.08.1030 and below, AOS-CX 10.09.xxxx: 10.09.0002 and below. Aruba has released upgrades for Aruba AOS-CX devices that address this security vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0711 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23954 βΌ
π Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23656 βΌ
π Read
via "National Vulnerability Database".
Zulip is an open source team chat app. The `main` development branch of Zulip Server from June 2021 and later is vulnerable to a cross-site scripting vulnerability on the recent topics page. An attacker could maliciously craft a full name for their account and send messages to a topic with several participants; a victim who then opens an overflow tooltip including this full name on the recent topics page could trigger execution of JavaScript code controlled by the attacker. Users running a Zulip server from the main branch should upgrade from main (2022-03-01 or later) again to deploy this fix.π Read
via "National Vulnerability Database".