ποΈ Microsoft praised for quickly resolving Azure Automation cloud security vulnerability ποΈ
π Read
via "The Daily Swig".
Automatic for the peopleπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Microsoft praised for quickly resolving Azure Automation cloud security vulnerability
Automatic for the people
βΌ CVE-2022-0870 βΌ
π Read
via "National Vulnerability Database".
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0871 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization in GitHub repository gogs/gogs prior to 0.12.5.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0928 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12.π Read
via "National Vulnerability Database".
π Friday Five 3/11 π
π Read
via "".
Why the healthcare industry should invest in cybersecurity, a critical Azure bug fixed, and more - catch up on the infosec news of the week!π Read
via "".
Digital Guardian
Friday Five 3/11
Why the healthcare industry should invest in cybersecurity, a critical Azure bug fixed, and more - catch up on the infosec news of the week!
β S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep73: Ransomware with a difference, dirty Linux pipes, and much more [Podcast + Transcript]
Latest episode β listen now!
ποΈ UK ferry operator Wightlink flags potential data breach after βhighly sophisticatedβ cyber-attack ποΈ
π Read
via "The Daily Swig".
Personal data potentially compromised, but English Channel crossings unaffectedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
UK ferry operator Wightlink flags potential data breach after βhighly sophisticatedβ cyber-attack
Personal data potentially compromised, but English Channel crossings unaffected
β Raccoon Stealer Crawls Into Telegram β
π Read
via "Threat Post".
The credential-stealing trash panda is using the chat app to store and update C2 addresses as crooks find creative new ways to distribute the malware.π Read
via "Threat Post".
Threat Post
Raccoon Stealer Crawls Into Telegram
The credential-stealing trash panda is using the chat app to store and update C2 addresses as crooks find creative new ways to distribute the malware.
π1
βΌ CVE-2022-21819 βΌ
π Read
via "National Vulnerability Database".
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0860 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.π Read
via "National Vulnerability Database".
π΄ How to Combat the No. 1 Cause of Security Breaches: Complexity π΄
π Read
via "Dark Reading".
The scaling of hardware, software and people has created an ever-growing complexity problem.π Read
via "Dark Reading".
Dark Reading
How to Combat the No. 1 Cause of Security Breaches: Complexity
The scaling of hardware, software and people has created an ever-growing complexity problem.
β Alleged Kaseya ransomware attacker arrives in Texas for trial β
π Read
via "Naked Security".
The US Independence Day weekend of 2021 wasn't much of a holiday for cybersecurity staff. That was when the Kaseya attack unfolded...π Read
via "Naked Security".
Naked Security
Alleged Kaseya ransomware attacker arrives in Texas for trial
The US Independence Day weekend of 2021 wasnβt much of a holiday for cybersecurity staff. That was when the Kaseya attack unfoldedβ¦
ποΈ Stats widget hacked in attempt to breach Russian government agency websites ποΈ
π Read
via "The Daily Swig".
The software was reportedly used as part of a short-lived software supply chain attackπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Stats widget hacked in attempt to breach Russian government agency websites
The software was reportedly used as part of a short-lived software supply chain attack
βΌ CVE-2021-44618 βΌ
π Read
via "National Vulnerability Database".
A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0932 βΌ
π Read
via "National Vulnerability Database".
Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44620 βΌ
π Read
via "National Vulnerability Database".
A Command Injection vulnerability exits in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters.π Read
via "National Vulnerability Database".
βοΈ Report: Recent 10x Increase in Cyberattacks on Ukraine βοΈ
π Read
via "Krebs on Security".
As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishing and malware attacks targeting Ukrainians.π Read
via "Krebs on Security".
Krebsonsecurity
Report: Recent 10x Increase in Cyberattacks on Ukraine
As their cities suffered more intense bombardment by Russian military forces this week, Ukrainian Internet users came under renewed cyberattacks, with one Internet company providing service there saying they blocked ten times the normal number of phishingβ¦
β Russia Issues Its Own TLS Certs β
π Read
via "Threat Post".
The countryβs citizens are being blocked from the internet because foreign certificate authorities can't accept payments due to Ukraine-related sanctions, so it created its own CA.π Read
via "Threat Post".
Threat Post
Russia Issues Its Own TLS Certs
The countryβs citizens are being blocked from the internet because foreign certificate authorities can't accept payments due to Ukraine-related sanctions, so it created its own CA.
βΌ CVE-2021-26401 βΌ
π Read
via "National Vulnerability Database".
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24095 βΌ
π Read
via "National Vulnerability Database".
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23930 βΌ
π Read
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.π Read
via "National Vulnerability Database".