βΌ CVE-2022-24741 βΌ
π Read
via "National Vulnerability Database".
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24734 βΌ
π Read
via "National Vulnerability Database".
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0890 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38296 βΌ
π Read
via "National Vulnerability Database".
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would allow someone to decrypt plaintext traffic offline. Note that this does not affect security mechanisms controlled by "spark.authenticate.enableSaslEncryption", "spark.io.encryption.enabled", "spark.ssl", "spark.ui.strictTransportSecurity". Update to Apache Spark 3.1.3 or laterπ Read
via "National Vulnerability Database".
ποΈ Middleboxes now being used for DDoS attacks in the wild, Akamai finds ποΈ
π Read
via "The Daily Swig".
Malicious actors are starting to add TCP middlebox reflection to their arsenalπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Middleboxes now being used for DDoS attacks in the wild, Akamai finds
Malicious actors are starting to add TCP middlebox reflection to their arsenal
β Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads β
π Read
via "Threat Post".
The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.π Read
via "Threat Post".
Threat Post
Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.
βΌ CVE-2022-0895 βΌ
π Read
via "National Vulnerability Database".
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.π Read
via "National Vulnerability Database".
π΄ What Security Controls Do I Need for My Kubernetes Cluster? π΄
π Read
via "Dark Reading".
This Tech Tip offers some security controls to embed in your organization's CI/CD pipeline to protect Kubernetes clusters and corporate networks.π Read
via "Dark Reading".
Dark Reading
DR Technology
β Multi-Ransomwared Victims Have It ComingβPodcast β
π Read
via "Threat Post".
Let's blame the victim. IT decision makers' confidence about security doesn't jibe with their concession that repeated incidents are their own fault, says ExtraHop's Jamie Moles.π Read
via "Threat Post".
π RagnarLocker Ransomware Connected to Hacks at 52 Organizations π
π Read
via "".
New guidance from the FBI contains IOCs and technical details on how the ransomware spreads.π Read
via "".
Digital Guardian
RagnarLocker Ransomware Connected to Hacks at 52 Organizations
New guidance from the FBI contains IOCs and technical details on how the ransomware spreads.
β Russia May Use Ransomware Payouts to Avoid Sanctions β
π Read
via "Threat Post".
FinCEN warns financial institutions to beware of unusual cryptocurrency payments or illegal transactions Russia may use to evade restrictions imposed due to its invasion of Ukraine.π Read
via "Threat Post".
Threat Post
Russia May Use Ransomware Payouts to Avoid Sanctionsβ Financial Harm
FinCEN warns financial institutions to be ware of unusual cryptocurrency payments or illegal transactions Russia may use to ease financial hurt from Ukraine-linked sanctions.
π΄ Log4j and Livestock Apps: APT41 Wages Persistent Cyberattack Campaign on US Government π΄
π Read
via "Dark Reading".
The group's attack methods have included exploits for a zero-day vulnerability in a livestock-tracking apps as well as for the Apache Log4 flaw.π Read
via "Dark Reading".
Dark Reading
Log4j and Livestock Apps: APT41 Wages Persistent Cyberattack Campaign on US Government
The group's attack methods have included exploits for a zero-day vulnerability in a livestock-tracking apps as well as for the Apache Log4 flaw.
ποΈ 1Password increases bug bounty reward to $1 million ποΈ
π Read
via "The Daily Swig".
Researchers offered record incentive for vulnerabilities found on Bugcrowd programsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
1Password increases bug bounty reward to $1 million
Researchers offered record incentive for vulnerabilities found on Bugcrowd programs
π΄ Why You Should Be Using CISA's Catalog of Exploited Vulns π΄
π Read
via "Dark Reading".
It's a great starting point for organizations that want to ride the wave of risk-based vulnerability management rather than drowning beneath it.π Read
via "Dark Reading".
Dark Reading
Why You Should Be Using CISA's Catalog of Exploited Vulns
It's a great starting point for organizations that want to ride the wave of risk-based vulnerability management rather than drowning beneath it.
β Most Orgs Would Take Security Bugs Over Ethical Hacking Help β
π Read
via "Threat Post".
A new survey suggests that security is becoming more important for enterprises, but theyβre still falling back on old "security by obscurity" ways.π Read
via "Threat Post".
Threat Post
Most Orgs Would Take Security Bugs Over Ethical Hacking Help
A new survey suggests that security is becoming more important for enterprises, but theyβre still falling back on old "security by obscurity" ways.
ποΈ RagnarLocker ransomware struck 52 critical infrastructure entities within two years β FBI ποΈ
π Read
via "The Daily Swig".
Agency issues mitigation advice to help organizations tighten network defensesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
RagnarLocker ransomware struck 52 critical infrastructure entities within two years β FBI
Agency issues mitigation advice to help organizations tighten network defenses
π1
β S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
Latest episode β listen now!
βΌ CVE-2022-0905 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0906 βΌ
π Read
via "National Vulnerability Database".
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.π Read
via "National Vulnerability Database".
π Falco 0.31.1 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.31.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance π΄
π Read
via "Dark Reading".
While cyber insurance will continue to exist, it will cost more and cover less β and that's changing the risk your company faces.π Read
via "Dark Reading".
Dark Reading
Cyber Insurance and Business Risk: How the Relationship Is Changing Reinsurance & Policy Guidance
While cyber insurance will continue to exist, it will cost more and cover less β and that's changing the risk your company faces.