βΌ CVE-2021-44759 βΌ
π Read
via "National Vulnerability Database".
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0886 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27666. Reason: This candidate is a reservation duplicate of CVE-2022-27666. Notes: All CVE users should reference CVE-2022-27666 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0861 βΌ
π Read
via "National Vulnerability Database".
A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0858 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to potentially obtain access to an ePO administrator's session by convincing the attacker to click on a carefully crafted link. This would lead to limited ability to alter some information in ePO due to the area of the User Interface the vulnerability is present in.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44040 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0862 βΌ
π Read
via "National Vulnerability Database".
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0859 βΌ
π Read
via "National Vulnerability Database".
McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a local attacker to point an ePO server to an arbitrary SQL server during the restoration of the ePO server. To achieve this the attacker would have to be logged onto the server hosting the ePO server (restricted to administrators) and to know the SQL server password.π Read
via "National Vulnerability Database".
β Web vendor CafePress fined $500,000 for giving cybersecurity a low value β
π Read
via "Naked Security".
Just because you're the victim of a cybercrime doesn't let you off your cybersecurity obligationsπ Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β DeadBolt Ransomware Resurfaces to Hit QNAP Again β
π Read
via "Threat Post".
A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.π Read
via "Threat Post".
Threat Post
DeadBolt Ransomware Resurfaces to Hit QNAP Again
A new steady stream of attacks against network-attached storage devices from the Taiwan-based vendor is similar to a wave that occurred in January.
π΄ Cyber Insurance and War Exclusions π΄
π Read
via "Dark Reading".
Here's what a cybersecurity lawyer thinks security pros need to know in light of Russia's invasion of Ukraine.π Read
via "Dark Reading".
Dark Reading
Cyber Insurance and War Exclusions
Here's what a cybersecurity lawyer thinks security pros need to know in light of Russia's invasion of Ukraine.
π΄ Could Gaming Close the Cyberskills Gap? π΄
π Read
via "Dark Reading".
The Wicked6 hackathon helps women to develop their professional cybersecurity skills while networking and playing games.π Read
via "Dark Reading".
Dark Reading
Could Gaming Close the Cyberskills Gap?
The Wicked6 hackathon helps women to develop their professional cybersecurity skills while networking and playing games.
β Serious Security: DEADBOLT β the ransomware that goes straight for for your backups β
π Read
via "Naked Security".
Some tips on how to keep your network safe - even (or perhaps especially!) if you think you're safe already.π Read
via "Naked Security".
Naked Security
Serious Security: DEADBOLT β the ransomware that goes straight for your backups
Some tips on how to keep your network safe β even (or perhaps especially!) if you think youβre safe already.
βΌ CVE-2021-43736 βΌ
π Read
via "National Vulnerability Database".
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log ruleπ Read
via "National Vulnerability Database".
βΌ CVE-2021-43738 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that can add the administrator account.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22316 βΌ
π Read
via "National Vulnerability Database".
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service due to incorrectly configured authorization checks. IBM X-Force ID: 218276.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44139 βΌ
π Read
via "National Vulnerability Database".
Sentinel 1.8.2 is vulnerable to Server-side request forgery (SSRF).π Read
via "National Vulnerability Database".
βΌ CVE-2021-43737 βΌ
π Read
via "National Vulnerability Database".
An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account's password.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43735 βΌ
π Read
via "National Vulnerability Database".
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23242 βΌ
π Read
via "National Vulnerability Database".
TeamViewer Linux versions before 15.28 do not properly execute a deletion command for the connection password in case of a process crash. Knowledge of the crash event and the TeamViewer ID as well as either possession of the pre-crash connection password or local authenticated access to the machine would have allowed to establish a remote connection by reusing the not properly deleted connection password.π Read
via "National Vulnerability Database".
π Cybercrime Cost U.S. $6.9 Billion in 2021 π
π Read
via "".
The FBI's annual look at phishing, scam, and personal data breach statistics is out.π Read
via "".
Digital Guardian
Cybercrime Cost U.S. $6.9 Billion in 2021
The FBI's annual look at phishing, scam, and personal data breach statistics is out.
π΄ Okta Says 366 Customers Impacted via Third-Party Breach π΄
π Read
via "Dark Reading".
Microsoft meanwhile confirms Lapsus$ group compromised it as well and issues warning on threat actor.π Read
via "Dark Reading".
Dark Reading
Okta Says 366 Customers Impacted via Third-Party Breach
Microsoft meanwhile confirms Lapsus$ group compromised it as well and issues warning on threat actor.