βΌ CVE-2022-24074 βΌ
π Read
via "National Vulnerability Database".
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24073 βΌ
π Read
via "National Vulnerability Database".
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24072 βΌ
π Read
via "National Vulnerability Database".
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1000 βΌ
π Read
via "National Vulnerability Database".
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45791 βΌ
π Read
via "National Vulnerability Database".
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45792 βΌ
π Read
via "National Vulnerability Database".
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.π Read
via "National Vulnerability Database".
π΄ Enhancing DLP With Natural Language Understanding for Better Email Security π΄
π Read
via "Dark Reading".
Natural language understanding is well-suited for scanning enterprise email to detect and filter out spam and other malicious content. Armorblox introduces a data loss prevention service to its email security platform using NLU.π Read
via "Dark Reading".
Dark Reading
Enhancing DLP With Natural Language Understanding for Better Email Security
Natural language understanding is well-suited for scanning enterprise email to detect and filter out spam and other malicious content. Armorblox introduces a data loss prevention service to its email security platform using NLU.
ποΈ βFox guarding the henhouseβ β Founder of cyber-fraud prevention company pleads guilty to defrauding investors ποΈ
π Read
via "The Daily Swig".
Adam Rogas has been charged with using fraudulent financial data to secure more than $100m in fundingπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βFox guarding the henhouseβ β Founder of cyber-fraud prevention company pleads guilty to defrauding investors
Adam Rogas has been charged with using fraudulent financial data to secure more than $100m in funding
π’ Germany advises against using Kaspersky software due to hacking risk π’
π Read
via "ITPro".
The Moscow-headquartered cyber security company has a history of being targeted for its alleged links to the Russian stateπ Read
via "ITPro".
IT PRO
Germany advises against using Kaspersky software due to hacking risk | IT PRO
The Moscow-headquartered cyber security company has a history of being targeted for its alleged links to the Russian state
π’ NortonLifeLock and Avast merger could reduce competition, CMA warns π’
π Read
via "ITPro".
The watchdog will launch a phase two investigation into the merger unless NortonLifeLock and Avast address its concerns within five daysπ Read
via "ITPro".
IT PRO
NortonLifeLock and Avast merger could reduce competition, CMA warns | IT PRO
The watchdog will launch a phase two investigation into the merger unless NortonLifeLock and Avast address its concerns within five days
π’ NSW ditches e-voting system for 2023 election π’
π Read
via "ITPro".
The electoral commissioner has suggested there should be a review of internet voting following the problems with the system found last Decemberπ Read
via "ITPro".
IT PRO
NSW ditches e-voting system for 2023 election | IT PRO
The electoral commissioner has suggested there should be a review of internet voting following the problems with the system found last December
β CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it β
π Read
via "Naked Security".
Don't leave old accounts lying around where someone sketchy could reactivate them.π Read
via "Naked Security".
Naked Security
CISA warning: βRussian actors bypassed 2FAβ β what happened and how to avoid it
Donβt leave old accounts lying around where someone sketchy could reactivate them.
β Beware bogus Betas β cryptocoin scammers abuse Appleβs TestFlight system β
π Read
via "Naked Security".
"Install this moneymaking app" - this one is so special that it isn't available on Google Play or the App Store!π Read
via "Naked Security".
Naked Security
Beware bogus Betas β cryptocoin scammers abuse Appleβs TestFlight system
βInstall this moneymaking appβ β this one is so special that it isnβt available on Google Play or the App Store!
β S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep74: Cybercrime busts, Apple patches, Pi Day, and disconnect effects [Podcast]
Latest episode β listen now!
π΄ Cut Down on Alert Overload and Leverage Layered Security Measures π΄
π Read
via "Dark Reading".
Feeling overwhelmed by the number of alerts? It doesn't have to be that way.π Read
via "Dark Reading".
Dark Reading
Cut Down on Alert Overload and Leverage Layered Security Measures
Feeling overwhelmed by the number of alerts? It doesn't have to be that way.
βΌ CVE-2022-24761 βΌ
π Read
via "National Vulnerability Database".
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: The use of Python's `int()` to parse strings into integers, leading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`, where as the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available. When deploying a proxy in front of waitress, turning on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though and users are encouraged to upgrade to the latest version of waitress instead.π Read
via "National Vulnerability Database".
βΌ CVE-2021-23632 βΌ
π Read
via "National Vulnerability Database".
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce 1. Create a file named exploit.js with the following content: js var Git = require("git").Git; var repo = new Git("repo-test"); var user_input = "version; date"; repo.git(user_input, function(err, result) { console.log(result); }) 2. In the same directory as exploit.js, run npm install git. 3. Run exploit.js: node exploit.js. You should see the outputs of both the git version and date command-lines. Note that the repo-test Git repository does not need to be present to make this PoC work.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-44260 βΌ
π Read
via "National Vulnerability Database".
A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44908 βΌ
π Read
via "National Vulnerability Database".
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().π Read
via "National Vulnerability Database".
βΌ CVE-2021-44261 βΌ
π Read
via "National Vulnerability Database".
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44262 βΌ
π Read
via "National Vulnerability Database".
A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.π Read
via "National Vulnerability Database".