βΌ CVE-2022-26249 βΌ
π Read
via "National Vulnerability Database".
Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26301 βΌ
π Read
via "National Vulnerability Database".
TuziCMS v2.0.6 was discovered to contain a SQL injection vulnerability via the component App\Manage\Controller\ZhuantiController.class.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26272 βΌ
π Read
via "National Vulnerability Database".
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25575 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in Parking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via crafted payloads injected into the user name, password, and verification code text boxes.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25576 βΌ
π Read
via "National Vulnerability Database".
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts.π Read
via "National Vulnerability Database".
β UK police arrest 7 hacking suspects β have they bust the LAPSUS$ gang? β
π Read
via "Naked Security".
Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π2
βΌ CVE-2018-25032 βΌ
π Read
via "National Vulnerability Database".
zlib 1.2.11 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22687 βΌ
π Read
via "National Vulnerability Database".
Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22688 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.π Read
via "National Vulnerability Database".
ποΈ HTTP request smuggling bug patched in mitmproxy ποΈ
π Read
via "The Daily Swig".
Bug exploited inconsistencies between intermediary and backend serversπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
HTTP request smuggling bug patched in mitmproxy
Bug exploited inconsistencies between intermediary and backend servers
βΌ CVE-2021-44751 βΌ
π Read
via "National Vulnerability Database".
A vulnerability affecting F-Secure SAFE browser before March 22, 2022 was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction.π Read
via "National Vulnerability Database".
β Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch β
π Read
via "Threat Post".
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.π Read
via "Threat Post".
Threat Post
Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
π΄ HR Alone Can't Solve the Great Resignation π΄
π Read
via "Dark Reading".
Here's how IT teams and decision-makers can step up to support the workforce. Creating a culture of feedback and introducing automation can mitigate burnout, inspire employees, and reduce turnover.π Read
via "Dark Reading".
Dark Reading
HR Alone Can't Solve the Great Resignation
Here's how IT teams and decision-makers can step up to support the workforce. Creating a culture of feedback and introducing automation can mitigate burnout, inspire employees, and reduce turnover.
βΌ CVE-2022-1064 βΌ
π Read
via "National Vulnerability Database".
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1040 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.π Read
via "National Vulnerability Database".
ποΈ Four Russian government employees charged over hacking campaigns on critical infrastructure ποΈ
π Read
via "The Daily Swig".
Historical crimes unsealed by US courtsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Four Russian government employees charged over hacking campaigns on critical infrastructure
Historical crimes unsealed by US courts
π1
ποΈ Washington residentsβ medical data exposed by phishing attack on Spokane Regional Health District ποΈ
π Read
via "The Daily Swig".
Medications and test results among data potentially βpreviewedβ by attackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Washington residentsβ medical data exposed by phishing attack on Spokane Regional Health District
Medications and test results among data potentially βpreviewedβ by attacker
βΌ CVE-2022-27227 βΌ
π Read
via "National Vulnerability Database".
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.π Read
via "National Vulnerability Database".
βοΈ Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison βοΈ
π Read
via "Krebs on Security".
An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of "cashing out" access to hacked bank accounts worldwide.π Read
via "Krebs on Security".
Krebs on Security
Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison
An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy careerβ¦
π΄ Here's How Fast Ransomware Encrypts Files π΄
π Read
via "Dark Reading".
New analysis shows how long it takes for each of the top 10 ransomware families to encrypt 100,000 files.π Read
via "Dark Reading".
Dark Reading
Here's How Fast Ransomware Encrypts Files
New analysis shows how long it takes for each of the top 10 ransomware families to encrypt 100,000 files.
π΄ WiCyS Members Now Have access to Cyber Defense Challenge Through Target π΄
π Read
via "Dark Reading".
Target's cybersecurity team has designed a Cyber Defense Challenge exclusively for members of Women in CyberSecurity (WiCyS).π Read
via "Dark Reading".
Dark Reading
WiCyS Members Now Have Access to Cyber Defense Challenge Through Target
Target's cybersecurity team has designed a Cyber Defense Challenge exclusively for members of Women in CyberSecurity (WiCyS).