🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-24508 ‼

Windows SMBv3 Client/Server Remote Code Execution Vulnerability.

📖 Read

via "National Vulnerability Database".
πŸ‘1
🕴 Palo Alto Networks Introduces Prisma Cloud Supply Chain Security 🕴

Threat modeling visualization, code repository scanning, and pipeline configuration analysis help prioritize vulnerabilities.

📖 Read

via "Dark Reading".
🕴 10 Signs of a Poor Security Leader 🕴

Weak leadership can demotivate and demoralize the security workforce. Here's what to look out for.

📖 Read

via "Dark Reading".
🕴 Bitdefender Launches New Password Manager Solution for Consumers 🕴

Simplifies the creation and management of secure passwords for all online accounts across multiple platforms including mobile.

📖 Read

via "Dark Reading".
‼ CVE-2022-24919 ‼

An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-22806 ‼

A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an unauthenticated connection to the UPS when a malformed connection is sent. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-22805 ‼

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists that could cause remote code execution when an improperly handled TLS packet is reassembled. Affected Product: SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24918 ‼

An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24349 ‼

An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors - an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0715 ‼

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to arbitrarily change the behavior of the UPS when a key is leaked and used to upload malicious firmware. Affected Product: APC Smart-UPS Family: SMT Series (SMT Series ID=18: UPS 09.8 and prior / SMT Series ID=1040: UPS 01.2 and prior / SMT Series ID=1031: UPS 03.1 and prior), SMC Series (SMC Series ID=1005: UPS 14.1 and prior / SMC Series ID=1007: UPS 11.0 and prior / SMC Series ID=1041: UPS 01.1 and prior), SCL Series (SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior), SMX Series (SMX Series ID=20: UPS 10.2 and prior / SMX Series ID=23: UPS 07.0 and prior), SRT Series (SRT Series ID=1010/1019/1025: UPS 08.3 and prior / SRT Series ID=1024: UPS 01.0 and prior / SRT Series ID=1020: UPS 10.4 and prior / SRT Series ID=1021: UPS 12.2 and prior / SRT Series ID=1001/1013: UPS 05.1 and prior / SRT Series ID=1002/1014: UPSa05.2 and prior), APC SmartConnect Family: SMT Series (SMT Series ID=1015: UPS 04.5 and prior), SMC Series (SMC Series ID=1018: UPS 04.2 and prior), SMTL Series (SMTL Series ID=1026: UPS 02.9 and prior), SCL Series (SCL Series ID=1029: UPS 02.5 and prior / SCL Series ID=1030: UPS 02.5 and prior / SCL Series ID=1036: UPS 02.5 and prior / SCL Series ID=1037: UPS 03.1 and prior), SMX Series (SMX Series ID=1031: UPS 03.1 and prior)

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-22511 ‼

Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24732 ‼

Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24917 ‼

An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.

📖 Read

via "National Vulnerability Database".
❌ APT41 Spies Broke Into 6 US State Networks via a Livestock App ❌

The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.

📖 Read

via "Threat Post".
🕴 FBI Alert: Ransomware Attacks Hit Critical Infrastructure Organizations 🕴

Bureau releases indicators of compromise for the RagnarLocker ransomware that has hit 10 different critical infrastructure sectors.

📖 Read

via "Dark Reading".
‼ CVE-2022-24741 ‼

Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8, 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-24734 ‼

MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-0890 ‼

NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.

📖 Read

via "National Vulnerability Database".
‼ CVE-2021-38296 ‼

Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or later.

📖 Read

via "National Vulnerability Database".
πŸ—“οΈ Middleboxes now being used for DDoS attacks in the wild, Akamai finds πŸ—“οΈ

Malicious actors are starting to add TCP middlebox reflection to their arsenal

πŸ“– Read

via "The Daily Swig".
❌ Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads ❌

The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.

📖 Read

via "Threat Post".