β DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data β
π Read
via "Threat Post".
A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says.π Read
via "Threat Post".
Threat Post
DarkHotel APT Targets Wynn, Macao Hotels to Rip Off Guest Data
A DarkHotel phishing campaign breached luxe hotel networks, including Wynn Palace and the Grand Coloane Resort in Macao, a new report says.
π΄ Menlo Security: Less Than Three in 10 Organizations Are Equipped to Combat Growing Wave of Web-Based Cyber Threats π΄
π Read
via "Dark Reading".
Report finds that 62 percent of IT decision makers have suffered a browser-based attack in the past 12 months.π Read
via "Dark Reading".
Dark Reading
Menlo Security: Less Than Three in 10 Organizations Are Equipped to Combat Growing Wave of Web-Based Cyber Threats
Report finds that 62 percent of IT decision makers have suffered a browser-based attack in the past 12 months.
π΄ A Chance to Raise Shields Right π΄
π Read
via "Dark Reading".
CISA's "Shields Up" alert provides urgency β and opportunity β for supply chain conversations.π Read
via "Dark Reading".
Dark Reading
A Chance to Raise Shields Right
CISA's "Shields Up" alert provides urgency β and opportunity β for supply chain conversations.
π΄ CyCognito Launches Exploit Intelligence π΄
π Read
via "Dark Reading".
Risk intelligence solution provides insight, visibility, and guidance to identify, prioritize, and remediate vulnerabilities like Log4jπ Read
via "Dark Reading".
Dark Reading
CyCognito Launches Exploit Intelligence
Risk intelligence solution provides insight, visibility, and guidance to identify, prioritize, and remediate vulnerabilities like Log4j
βΌ CVE-2022-22611 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22617 βΌ
π Read
via "National Vulnerability Database".
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22656 βΌ
π Read
via "National Vulnerability Database".
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in userΓ’β¬β’s desktop from the fast user switching screen.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25605 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vvulnerable parameters &download_path, &download_path_url, &download_page_url.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22618 βΌ
π Read
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22626 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-30771 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27243 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25603 βΌ
π Read
via "National Vulnerability Database".
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).π Read
via "National Vulnerability Database".
βΌ CVE-2022-22671 βΌ
π Read
via "National Vulnerability Database".
An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22586 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22666 βΌ
π Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22596 βΌ
π Read
via "National Vulnerability Database".
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22603 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1011 βΌ
π Read
via "National Vulnerability Database".
A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22627 βΌ
π Read
via "National Vulnerability Database".
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0547 βΌ
π Read
via "National Vulnerability Database".
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.π Read
via "National Vulnerability Database".