βΌ CVE-2022-25462 βΌ
π Read
via "National Vulnerability Database".
Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26007 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42194 βΌ
π Read
via "National Vulnerability Database".
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user's input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39384 βΌ
π Read
via "National Vulnerability Database".
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.π Read
via "National Vulnerability Database".
βΌ CVE-2020-26008 βΌ
π Read
via "National Vulnerability Database".
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39383 βΌ
π Read
via "National Vulnerability Database".
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.π Read
via "National Vulnerability Database".
ποΈ Rust patches sneaky ReDoS bug ποΈ
π Read
via "The Daily Swig".
Regex defenses restored to thwart resource consumption trapπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Rust patches sneaky ReDoS bug
Regex defenses restored to thwart resource consumption trap
π΄ Crowdsourced Efforts Get Leveraged in Ukraine Conflict π΄
π Read
via "Dark Reading".
The battle is not just being waged in the physical world β it's also happening online. And average people are taking part, not just governments.π Read
via "Dark Reading".
Dark Reading
Crowdsourced Efforts Get Leveraged in Ukraine Conflict
The battle is not just being waged in the physical world β it's also happening online. And average people are taking part, not just governments.
π΄ Will the Biggest Clouds Win? Lessons From Google's Mandiant Buy π΄
π Read
via "Dark Reading".
Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say.π Read
via "Dark Reading".
Dark Reading
Will the Biggest Clouds Win? Lessons From Google's Mandiant Buy
Google eventually won out in the competition for Mandiant, but Microsoft's interest underscores the trend in consolidation of security services into large cloud providers, experts say.
π΄ Ransomware Attack Led Bridgestone to Halt US Tire Production for a Week π΄
π Read
via "Dark Reading".
Japanese manufacturer confirmed a Feb. 27 attack on its US subsidiary that led to a temporary production shutdown.π Read
via "Dark Reading".
Dark Reading
Ransomware Attack Led Bridgestone to Halt US Tire Production for a Week
Japanese manufacturer confirmed a Feb. 27 attack on its US subsidiary that led to a temporary production shutdown.
βΌ CVE-2022-1035 βΌ
π Read
via "National Vulnerability Database".
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25570 βΌ
π Read
via "National Vulnerability Database".
In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.π Read
via "National Vulnerability Database".
β Bridgestone Hit as Ransomware Torches Toyota Supply Chain β
π Read
via "Threat Post".
A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit.π Read
via "Threat Post".
Threat Post
Bridgestone Hit as Ransomware Torches Toyota Supply Chain
A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit.
β OpenSSL patches infinite-loop DoS bug in certificate verification β
π Read
via "Naked Security".
When it comes to writing loops in your code... never sit on the fence!π Read
via "Naked Security".
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
When it comes to writing loops in your code⦠never sit on the fence!
π1
βΌ CVE-2020-24772 βΌ
π Read
via "National Vulnerability Database".
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).π Read
via "National Vulnerability Database".
βΌ CVE-2022-26494 βΌ
π Read
via "National Vulnerability Database".
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45117 βΌ
π Read
via "National Vulnerability Database".
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.π Read
via "National Vulnerability Database".
β Web vendor CafePress fined $500,000 for giving cybersecurity a low value β
π Read
via "Naked Security".
Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligationsπ Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ποΈ NPM maintainer targets Russian users with data-wiping βprotestwareβ ποΈ
π Read
via "The Daily Swig".
GUI-rilla warfareπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NPM maintainer targets Russian users with data-wiping βprotestwareβ
GUI-rilla warfare
π΄ Name That Toon: Sleep Like a Baby π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Sleep Like a Baby
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
β Conti Ransomware V. 3, Including Decryptor, Leaked β
π Read
via "Threat Post".
The latest is a fresher version of the ransomware pro-Ukraine researcher ContiLeaks already released, but itβs reportedly clunkier code.π Read
via "Threat Post".
Threat Post
Conti Ransomware V. 3, Including Decryptor, Leaked
The latest is a fresher version of the ransomware pro-Ukraine researcher ContiLeaks already released, but itβs reportedly clunkier code.