IoT security market to hit $59 billion by 2029 (via ITPro)
The Asia Pacific region is projected to lead the market during the forecast period.
Cyber security certification overhaul brings new questions and longer exams (via ITPro)
Fresh changes to the examination format of the prestigious CISSP exam will come into effect later this year.
China overhauls ISP rules to better protect children online (via ITPro)
New rules include 'youth modes' for all video services and mandatory security software for all new devices.
CVE-2022-27225 (via National Vulnerability Database)
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when the location that cookie is set for is accessed via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.
CVE-2022-27223 (via National Vulnerability Database)
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
CVE-2021-43955 (via National Vulnerability Database)
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability.
CVE-2021-43957 (via National Vulnerability Database)
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9.
CVE-2021-43956 (via National Vulnerability Database)
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
CVE-2021-43958 (via National Vulnerability Database)
Various REST resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials via an improper restriction of excessive authentication attempts vulnerability: the REST resources did not check whether users were beyond their maximum failed login limit and therefore did not require solving a CAPTCHA in addition to providing user credentials for authentication.
CVE-2020-36519 (via National Vulnerability Database)
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)
OpenSSL drops update addressing "high severity" denial of service issue in ubiquitous encryption library (via The Daily Swig)
The race is on for maintainers of downstream applications.
CVE-2021-45851 (via National Vulnerability Database)
A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out, leading to the disclosure of sensitive information from the server's internal environment and services, and often potentially to the attacker executing commands on the server.
CVE-2022-0704 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
CVE-2022-21946 (via National Vulnerability Database)
An Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local user to gain the privileges of the tty and dialout groups and to access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
CVE-2022-21945 (via National Vulnerability Database)
An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause a DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
CVE-2021-46705 (via National Vulnerability Database)
An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4 and openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1; SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
CVE-2021-45852 (via National Vulnerability Database)
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.
CVE-2022-0705 (via National Vulnerability Database)
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
What Kind Of Security Tools Should I Provide My Developers? (via Dark Reading)
Who says developers don't care about security? Give them the tools to help them build security into their code.
How Should My Security Analyst Use the MITRE ATT&CK Framework? (via Dark Reading)
As a curated knowledge base for adversary behavior, the MITRE ATT&CK framework can guide defenders on how to conduct an investigation and the order of things to look for.
CVE-2021-45787 (via National Vulnerability Database)
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.