CVE-2022-0894
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
Pandora Ransomware Hits Giant Automotive Supplier Denso
via "Threat Post".
Denso confirmed that cybercriminals leaked stolen, classified information from the Japan-based car-components manufacturer after an attack on one of its offices in Germany.
SentinelOne to Buy Attivo Networks in $616.5M Deal
via "Dark Reading".
Attivo's identity threat detection and response is "an integral part" of SentinelOne's XDR strategy, SentinelOne CEO says.
CVE-2022-0957
via "National Vulnerability Database".
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-0954
via "National Vulnerability Database".
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shop's Payment Methods in GitHub repository microweber/microweber prior to 1.2.11.
CVE-2021-45010
via "National Vulnerability Database".
Path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager Project's Tiny File Manager 2.4.1 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot and achieve code execution on the target server.
CVE-2022-0956
via "National Vulnerability Database".
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
Windstream Enterprise Delivers Comprehensive Managed SASE Solution With Cato Networks
via "Dark Reading".
Windstream Enterprise's convergence of networking and security addresses modern-day challenges of digital business transformation, cybersecurity and workforce mobility.
As Log4j Continues to Remind Us, What's Old Is New Again
via "Dark Reading".
We need to focus on the bad guys and their methods instead of playing whack-a-mole with indicators of compromise.
Cowbell Cyber Raises $100M in Series B Funding to Further Develop Cyber-Risk Underwriting
via "Dark Reading".
Led by Anthemis Group, funding fuels investment in go-to-market expansion, closed-loop risk management, and risk-bearing capabilities.
e2e-assure Launches New Microsoft Defender-Focused SOC Services
via "Dark Reading".
They are aimed at helping organizations kickstart their cyber-risk management.
Node.js security: Parse Server remote code execution vulnerability resolved
via "The Daily Swig".
GitHub has awarded the bug a severity score of 10 – the highest available.
CVE-2022-24755
via "National Vulnerability Database".
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still log in. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized.
CVE-2022-0961
via "National Vulnerability Database".
The microweber application allows large characters to be inserted in the input field "post title", which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12.
CVE-2022-0942
via "National Vulnerability Database".
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
CVE-2022-24752
via "National Vulnerability Database".
SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the `Sylius\Component\Grid\Sorting\Sorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory.
CVE-2022-24721
via "National Vulnerability Database".
CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users' (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other users' data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort sessions on Oort and Seti channels.
CVE-2022-0430
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0.
CVE-2022-24756
via "National Vulnerability Database".
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts, which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround.
Lawmakers Probe Early Release of Top RU Cybercrook
via "Krebs on Security".
Aleksei Burkov, a cybercriminal who long operated two of Russia's most exclusive underground hacking forums, was arrested in 2015 by Israeli authorities. The Russian government fought Burkov's extradition to the U.S. for four years, even arresting and jailing an Israeli woman to force a prisoner swap. That effort failed: Burkov was sent to America, pleaded guilty, and was sentenced to nine years in prison. But a little more than a year later, he was quietly released and deported back to Russia. Now some Republican lawmakers are asking why a Russian hacker once described as "an asset of supreme importance" was allowed to shorten his stay.
Apple patches 87 security holes – from iPhones and Macs to Windows
via "Naked Security".
Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.