βΌ CVE-2022-24728 βΌ
π Read
via "National Vulnerability Database".
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.π Read
via "National Vulnerability Database".
π΄ Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks π΄
π Read
via "Dark Reading".
New Barracuda Networks data shows attackers sent some 3 million emails from around 12,000 pilfered accounts.π Read
via "Dark Reading".
Dark Reading
Microsoft the No. 1 Most-Spoofed Brand in Phishing Attacks
New Barracuda Networks data shows attackers sent some 3 million emails from around 12,000 pilfered accounts.
π1
π΄ What the Newly Signed US Cyber-Incident Law Means for Security π΄
π Read
via "Dark Reading".
Bipartisan cybersecurity legislation comes amid increased worries over ransomware, and fears of cyberattacks from Russia in the wake of its invasion of Ukraine.π Read
via "Dark Reading".
Dark Reading
What the Newly Signed US Cyber-Incident Law Means for Security
Bipartisan cybersecurity legislation comes amid increased worries over ransomware, and fears of cyberattacks from Russia in the wake of its invasion of Ukraine.
βΌ CVE-2022-26295 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26293 βΌ
π Read
via "National Vulnerability Database".
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.π Read
via "National Vulnerability Database".
π΄ 4 Critical Capabilities for a SaaS Security Posture Management (SSPM) Solution π΄
π Read
via "Dark Reading".
The need for deep visibility and remediation for SaaS security settings is critical. If you're considering a SaaS Security Posture Management solution, hereβs a checklist of what to look for.π Read
via "Dark Reading".
Dark Reading
4 Critical Capabilities for a SaaS Security Posture Management (SSPM) Solution
The need for deep visibility and remediation for SaaS security settings is critical. If you're considering a SaaS Security Posture Management solution, hereβs a checklist of what to look for.
π΄ How Pen Testing Gains Critical Security Buy-in and Defense Insight π΄
π Read
via "Dark Reading".
It's more important than ever for companies to challenge their defenses, learning about new gaps and opportunities for improvement along the way.π Read
via "Dark Reading".
Dark Reading
How Pen Testing Gains Critical Security Buy-in and Defense Insight
It's more important than ever for companies to challenge their defenses, learning about new gaps and opportunities for improvement along the way.
π΄ TAC Security Survey Reveals: 88% of Businesses Rely on Manual Processes to Identify Network Vulnerabilities π΄
π Read
via "Dark Reading".
π Read
via "Dark Reading".
Dark Reading
TAC Security Survey Reveals: 88% of Businesses Rely on Manual Processes to Identify Network Vulnerabilities
βΌ CVE-2022-24075 βΌ
π Read
via "National Vulnerability Database".
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24074 βΌ
π Read
via "National Vulnerability Database".
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24073 βΌ
π Read
via "National Vulnerability Database".
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24072 βΌ
π Read
via "National Vulnerability Database".
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1000 βΌ
π Read
via "National Vulnerability Database".
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45791 βΌ
π Read
via "National Vulnerability Database".
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45792 βΌ
π Read
via "National Vulnerability Database".
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.π Read
via "National Vulnerability Database".
π΄ Enhancing DLP With Natural Language Understanding for Better Email Security π΄
π Read
via "Dark Reading".
Natural language understanding is well-suited for scanning enterprise email to detect and filter out spam and other malicious content. Armorblox introduces a data loss prevention service to its email security platform using NLU.π Read
via "Dark Reading".
Dark Reading
Enhancing DLP With Natural Language Understanding for Better Email Security
Natural language understanding is well-suited for scanning enterprise email to detect and filter out spam and other malicious content. Armorblox introduces a data loss prevention service to its email security platform using NLU.
ποΈ βFox guarding the henhouseβ β Founder of cyber-fraud prevention company pleads guilty to defrauding investors ποΈ
π Read
via "The Daily Swig".
Adam Rogas has been charged with using fraudulent financial data to secure more than $100m in fundingπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βFox guarding the henhouseβ β Founder of cyber-fraud prevention company pleads guilty to defrauding investors
Adam Rogas has been charged with using fraudulent financial data to secure more than $100m in funding
π’ Germany advises against using Kaspersky software due to hacking risk π’
π Read
via "ITPro".
The Moscow-headquartered cyber security company has a history of being targeted for its alleged links to the Russian stateπ Read
via "ITPro".
IT PRO
Germany advises against using Kaspersky software due to hacking risk | IT PRO
The Moscow-headquartered cyber security company has a history of being targeted for its alleged links to the Russian state
π’ NortonLifeLock and Avast merger could reduce competition, CMA warns π’
π Read
via "ITPro".
The watchdog will launch a phase two investigation into the merger unless NortonLifeLock and Avast address its concerns within five daysπ Read
via "ITPro".
IT PRO
NortonLifeLock and Avast merger could reduce competition, CMA warns | IT PRO
The watchdog will launch a phase two investigation into the merger unless NortonLifeLock and Avast address its concerns within five days
π’ NSW ditches e-voting system for 2023 election π’
π Read
via "ITPro".
The electoral commissioner has suggested there should be a review of internet voting following the problems with the system found last Decemberπ Read
via "ITPro".
IT PRO
NSW ditches e-voting system for 2023 election | IT PRO
The electoral commissioner has suggested there should be a review of internet voting following the problems with the system found last December
β CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it β
π Read
via "Naked Security".
Don't leave old accounts lying around where someone sketchy could reactivate them.π Read
via "Naked Security".
Naked Security
CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it
Donβt leave old accounts lying around where someone sketchy could reactivate them.