βΌ CVE-2022-25266 βΌ
π Read
via "National Vulnerability Database".
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal (to read files).π Read
via "National Vulnerability Database".
βΌ CVE-2020-20093 βΌ
π Read
via "National Vulnerability Database".
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27192 βΌ
π Read
via "National Vulnerability Database".
The Reporting module in Aseco Lietuva document management system DVS Avilys before 2022-03-10 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0315 βΌ
π Read
via "National Vulnerability Database".
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.π Read
via "National Vulnerability Database".
ποΈ Flash loan attack on One Ring protocol nets crypto-thief $1.4 million ποΈ
π Read
via "The Daily Swig".
Price manipulation of LP tokens ejected OShare tokens from protocolπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Flash loan attack on One Ring protocol nets crypto-thief $1.4 million
Price manipulation of LP tokens ejected OShare tokens from protocol
βΌ CVE-2022-0145 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository forkcms/forkcms prior to 5.11.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1061 βΌ
π Read
via "National Vulnerability Database".
Heap Buffer Overflow in parseDragons in GitHub repository radareorg/radare2 prior to 5.6.8.π Read
via "National Vulnerability Database".
β Top 3 Attack Trends in API Security β Podcast β
π Read
via "Threat Post".
Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.π Read
via "Threat Post".
Threat Post
Top 3 Attack Trends in API Security β Podcast
Bots & automated attacks have exploded, with attackers and developers alike in love with APIs, according to a new Cequence Security report. Hacker-in-residence Jason Kent explains the latest.
β Microsoft Help Files Disguise Vidar Malware β
π Read
via "Threat Post".
Attackers are hiding interesting malware in a boring place, hoping victims wonβt bother to look.π Read
via "Threat Post".
Threat Post
Microsoft Help Files Disguise Vidar Malware
Attackers are hiding interesting malware in a boring place, hoping victims wonβt bother to look.
β Tax-Season Scammers Spoof Fintechs, Including Stash, Public β
π Read
via "Threat Post".
Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.π Read
via "Threat Post".
Threat Post
Tax-Season Scammers Spoof Fintechs, Including Stash, Public
Threat actors are impersonating such wildly popular personal-finance apps (which are used more than social media or streaming services) to try to fool people into giving up their credentials.
ποΈ FBI Most Wanted Russian national accused of running dark web marketplace ποΈ
π Read
via "The Daily Swig".
The 23-year-old has been indicted for operating a successful carding ringπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
FBI Most Wanted Russian national accused of running dark web marketplace
The 23-year-old has been indicted for operating a successful carding ring
β S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep75: Okta hack, CryptoRom, OpenSSL, and CafePress [Podcast]
Latest episode β listen now!
π΄ What the Conti Ransomware Group Data Leak Tells Us π΄
π Read
via "Dark Reading".
Knowing the inner workings of Conti will not only help ransomware negotiators but also help organizations to better handle a ransomware attack when it happens.π Read
via "Dark Reading".
Dark Reading
What the Conti Ransomware Group Data Leak Tells Us
Knowing the inner workings of Conti will not only help ransomware negotiators but also help organizations to better handle a ransomware attack when it happens.
βΌ CVE-2021-43700 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in ApiManager 1.1. there is sql injection vulnerability that can use in /index.php?act=api&tag=8.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1052 βΌ
π Read
via "National Vulnerability Database".
Heap Buffer Overflow in iterate_chained_fixups in GitHub repository radareorg/radare2 prior to 5.6.6.π Read
via "National Vulnerability Database".
β Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection β
π Read
via "Threat Post".
Mustang Panda's already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.π Read
via "Threat Post".
Threat Post
Chinese APT Combines Fresh Hodur RAT with Complex Anti-Detection
Mustang Pandaβs already sophisticated cyberespionage campaign has matured even further with the introduction of a brand-new PlugX RAT variant.
π Wireshark Analyzer 3.6.3 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.6.3 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ Microweber developers resolve XSS vulnerability in CMS software ποΈ
π Read
via "The Daily Swig".
Content filtering shortcomings led to web security flawπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Microweber developers resolve XSS vulnerability in CMS software
Content filtering shortcomings led to web security flaw
βΌ CVE-2022-0551 βΌ
π Read
via "National Vulnerability Database".
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43659 βΌ
π Read
via "National Vulnerability Database".
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0955 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/data-hub prior to 1.2.4.π Read
via "National Vulnerability Database".