CVE-2022-20001
via "National Vulnerability Database".
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.

Staff Think Conti Group Is a Legit Employer (Podcast)
via "Threat Post".
The ransomware group's benefits (bonuses, employee of the month, performance reviews and top-notch training) might be better than yours, says BreachQuest's Marco Figueroa.

CVE-2022-24743
via "National Vulnerability Database".
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in a leak of the existing token and an unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.

CVE-2022-24742
via "National Vulnerability Database".
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if the browser tab remains open after logout. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available: the application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set stricter cache policies for restricted content.

CVE-2022-0943
via "National Vulnerability Database".
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.

CVE-2022-0945
via "National Vulnerability Database".
Stored XSS via axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4.

CVE-2022-0944
via "National Vulnerability Database".
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.

Israeli government websites temporarily knocked offline by "massive" cyber-attack
via "The Daily Swig".
DDoS assault blamed on Iran, local media reports

CVE-2022-0893
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

CVE-2022-0894
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.

Pandora Ransomware Hits Giant Automotive Supplier Denso
via "Threat Post".
Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany.

SentinelOne to Buy Attivo Networks in $616.5M Deal
via "Dark Reading".
Attivo's identity threat detection and response is "an integral part" of SentinelOne's XDR strategy, SentinelOne CEO says.

CVE-2022-0957
via "National Vulnerability Database".
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.

CVE-2022-0954
via "National Vulnerability Database".
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.

CVE-2021-45010
via "National Vulnerability Database".
Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager Project's Tiny File Manager 2.4.1 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot and achieve code execution on the target server.

CVE-2022-0956
via "National Vulnerability Database".
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.

Windstream Enterprise Delivers Comprehensive Managed SASE Solution With Cato Networks
via "Dark Reading".
Windstream Enterprise's convergence of networking and security addresses modern-day challenges of digital business transformation, cybersecurity and workforce mobility.

As Log4j Continues to Remind Us, What's Old Is New Again
via "Dark Reading".
We need to focus on the bad guys and their methods instead of playing whack-a-mole with indicators of compromise.

Cowbell Cyber Raises $100M in Series B Funding to Further Develop Cyber-Risk Underwriting
via "Dark Reading".
Led by Anthemis Group, funding fuels investment in go-to-market expansion, closed-loop risk management, and risk-bearing capabilities.

e2e-assure Launches New Microsoft Defender-Focused SOC Services
via "Dark Reading".
They are aimed at helping organizations kickstart their cyber-risk management.

Node.js security: Parse Server remote code execution vulnerability resolved
via "The Daily Swig".
GitHub has awarded the bug a severity score of 10, the highest available