CVE-2022-0550
via "National Vulnerability Database".
Improper Input Validation vulnerability in the custom report logo upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance with web server user privileges. This issue affects Nozomi Networks Guardian versions prior to 22.0.0 and Nozomi Networks CMC versions prior to 22.0.0.
APIs & the Software Supply Chain: Evolving Security for Today's Digital Ecosystem
via "Dark Reading".
Securing APIs requires both a "shift left" methodology and "shield right" action.
HubSpot Data Breach Ripples Through Cryptocurrency Industry
via "Threat Post".
~30 crypto companies were affected, including BlockFi, Swan Bitcoin and NYDIG, providing an uncomfortable reminder about how much data CRM systems snarf up.
For MSPs, Next-Gen Email Security Is a Must
via "Dark Reading".
Stay one step ahead of constantly evolving cyber threats with the right MSP email security solution. Discover how to evaluate and select the best service and solutions for your clients.
CVE-2022-21820
via "National Vulnerability Database".
NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.
CVE-2022-26629
via "National Vulnerability Database".
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker to bypass the lock screen function.
CVE-2022-0153
via "National Vulnerability Database".
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.
CVE-2022-25568
via "National Vulnerability Database".
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
How Casinos Can Prevent Loyalty Incentive and Account Takeover Fraud
via "Dark Reading".
As casinos go digital, their loyalty programs and authentic accounts are at risk.
Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
via "Threat Post".
A patch fixes an exploit hidden in Elden Ring that traps PC players in a "death loop."
Proposed Commission Would Seek to Modernize HIPAA
As part of new legislation, a new commission would assess the current state of health data privacy and lay the groundwork for modernizing HIPAA.
CVE-2021-43085
via "National Vulnerability Database".
An Insecure Permissions vulnerability exists in the OpenSSL Project 3.0 due to an error in the implementation of the CMAC_Final() function.
CVE-2021-43666
via "National Vulnerability Database".
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
CVE-2022-22374
via "National Vulnerability Database".
The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442.
CVE-2021-43084
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.
Microsoft Azure Developers Awash in PII-Stealing npm Packages
via "Threat Post".
A large-scale, automated typosquatting attack saw 200+ malicious packages flood the npm code repository, targeting popular Azure scopes.
UK Cops Collar 7 Suspected Lapsus$ Gang Members
via "Threat Post".
London Police can't say if they nabbed the 17-year-old suspected mastermind & multimillionaire, but researchers say they've been tracking an Oxford teen since mid-2021.
CVE-2022-24781
via "National Vulnerability Database".
Geon is a board game based on solving questions about the Pythagorean Theorem. Malicious users can obtain the uuid from other users, spoof that uuid through the browser console and become co-owners of the target session. This issue is patched in version 1.1.0. No known workaround exists.
CVE-2022-24782
via "National Vulnerability Database".
Discourse is an open source discussion platform. Versions 2.8.2 and prior in the `stable` branch, 2.9.0.beta3 and prior in the `beta` branch, and 2.9.0.beta3 and prior in the `tests-passed` branch are vulnerable to a data leak. Users can request an export of their own activity. Sometimes, due to category settings, they may have category membership for a secure category. The name of this secure category is shown to the user in the export. The same thing occurs when the user's post has been moved to a secure category. A patch for this issue is available in the `main` branch of Discourse's GitHub repository and is anticipated to be part of future releases.
CVE-2022-24769
via "National Vulnerability Database".
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting.
CVE-2022-24776
via "National Vulnerability Database".
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using the database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.