CVE-2022-22351
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396.
CVE-2021-38988
via "National Vulnerability Database".
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950.
SEC Mulling New Cybersecurity Rules
via "Digital Guardian".
Recently proposed SEC cybersecurity rules could affect how U.S. securities markets, including issuers, registrants, and service providers, approach compliance efforts.
Novel Attack Turns Amazon Devices Against Themselves
via "Threat Post".
Researchers have discovered how to remotely manipulate the Amazon Echo through its own speakers.
Name That Edge Toon: Animal Instincts
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
Samsung Source Code Compromised in Hack
via "Dark Reading".
Mobile vendor confirms that some source code used with its Galaxy devices was breached.
Google in Talks to Acquire Mandiant
via "Dark Reading".
Last month, Microsoft was interested in buying Mandiant. Now, it's Google that is looking at a deal to boost Google Cloud.
Trio of Vendors Offer Free Services to Organizations at Risk of Russian Cyberattacks
via "Dark Reading".
CrowdStrike, Cloudflare, and Ping Identity have teamed up with tools and services for the healthcare, power, and water industries as a way to quickly bolster their security on several fronts.
CVE-2022-24737
via "National Vulnerability Database".
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn't distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.
CVE-2021-36809
via "National Vulnerability Database".
A local attacker can overwrite arbitrary files on the system with VPN client logs using administrator privileges, potentially resulting in a denial of service and data loss, in all versions of Sophos SSL VPN client.
Conti Ransomware Group Diaries, Part IV: Cryptocrime
via "Krebs on Security".
Three stories here last week pored over several years' worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies, what it was like on a typical day at the Conti office, and how Conti secured the digital weaponry used in their attacks. This final post on the Conti conversations explores different schemes that Conti pursued to invest in and steal cryptocurrencies.
CVE-2021-43944
via "National Vulnerability Database".
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3.
Breaking the Bias for International Women's Day 2022
via "Dark Reading".
The theme of International Women's Day 2022 is "Break the bias." This is what #BreaktheBias means to me.
8 More Women in Security You May Not Know But Should
via "Dark Reading".
Dark Reading highlights women who are quietly changing the game in cybersecurity. We also revisit some of those we've spoken to in the past to see what they're up to now.
Concerns raised over bug disclosure program aimed at tackling Russia's "propaganda machine"
via "The Daily Swig".
Some cybersecurity professionals express unease about "red team" VDP launched alongside defense-focused program.
SQL injection vulnerability in e-learning platform Moodle could enable database takeover
via "The Daily Swig".
Security flaw could risk data leak.
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
via "Threat Post".
A missing check allows unprivileged attackers to escape containers and execute arbitrary commands in the kernel.
7 Essentials for More Security-Aware Design Automation
via "Dark Reading".
Electronic design automation solutions, software programs that help designers develop electronic systems and semiconductor chips, can be used in service of security assurance.
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infrastructure
via "Threat Post".
The 'TLStorm' vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
Samhain File Integrity Checker 4.4.7
via "Packet Storm Security".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
CVE-2022-0877
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository bookstackapp/bookstack prior to v22.02.3.