βΌ CVE-2022-1035 βΌ
π Read
via "National Vulnerability Database".
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25570 βΌ
π Read
via "National Vulnerability Database".
In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a passwordlist can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.π Read
via "National Vulnerability Database".
β Bridgestone Hit as Ransomware Torches Toyota Supply Chain β
π Read
via "Threat Post".
A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit.π Read
via "Threat Post".
Threat Post
Bridgestone Hit as Ransomware Torches Toyota Supply Chain
A ransomware attack struck Bridgestone Americas, weeks after another Toyota supplier experienced the same and a third reported some kind of cyber hit.
β OpenSSL patches infinite-loop DoS bug in certificate verification β
π Read
via "Naked Security".
When it comes to writing loops in your code... never sit on the fence!π Read
via "Naked Security".
Naked Security
OpenSSL patches infinite-loop DoS bug in certificate verification
When it comes to writing loops in your code⦠never sit on the fence!
π1
βΌ CVE-2020-24772 βΌ
π Read
via "National Vulnerability Database".
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).π Read
via "National Vulnerability Database".
βΌ CVE-2022-26494 βΌ
π Read
via "National Vulnerability Database".
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45117 βΌ
π Read
via "National Vulnerability Database".
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.π Read
via "National Vulnerability Database".
β Web vendor CafePress fined $500,000 for giving cybersecurity a low value β
π Read
via "Naked Security".
Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligationsπ Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
ποΈ NPM maintainer targets Russian users with data-wiping βprotestwareβ ποΈ
π Read
via "The Daily Swig".
GUI-rilla warfareπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NPM maintainer targets Russian users with data-wiping βprotestwareβ
GUI-rilla warfare
π΄ Name That Toon: Sleep Like a Baby π΄
π Read
via "Dark Reading".
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Toon: Sleep Like a Baby
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card.
β Conti Ransomware V. 3, Including Decryptor, Leaked β
π Read
via "Threat Post".
The latest is a fresher version of the ransomware pro-Ukraine researcher ContiLeaks already released, but itβs reportedly clunkier code.π Read
via "Threat Post".
Threat Post
Conti Ransomware V. 3, Including Decryptor, Leaked
The latest is a fresher version of the ransomware pro-Ukraine researcher ContiLeaks already released, but itβs reportedly clunkier code.
βΌ CVE-2022-22394 βΌ
π Read
via "National Vulnerability Database".
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26960 βΌ
π Read
via "National Vulnerability Database".
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.π Read
via "National Vulnerability Database".
π AvosLocker Ransomware Targeting Critical Infrastructure π
π Read
via "".
The ransomware-as-a-service group continues to target critical infrastructure in the U.S.π Read
via "".
β Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts β
π Read
via "Threat Post".
The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it's actually spyware capable of stealing any and all information from victims' social-media accounts.π Read
via "Threat Post".
Threat Post
Facestealer Trojan Hidden in Google Play Plunders Facebook Accounts
The trojanized Craftsart Cartoon Photo Tools app is available in the official Android app store, but it's actually spyware capable of stealing any and all information from victims' social-media accounts.
βΌ CVE-2022-0364 βΌ
π Read
via "National Vulnerability Database".
The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0591 βΌ
π Read
via "National Vulnerability Database".
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated usersπ Read
via "National Vulnerability Database".
βΌ CVE-2022-24235 βΌ
π Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0590 βΌ
π Read
via "National Vulnerability Database".
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0687 βΌ
π Read
via "National Vulnerability Database".
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24237 βΌ
π Read
via "National Vulnerability Database".
The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands.π Read
via "National Vulnerability Database".