βΌ CVE-2022-22688 βΌ
π Read
via "National Vulnerability Database".
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in File service functionality in Synology DiskStation Manager (DSM) before 6.2.4-25556-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors.π Read
via "National Vulnerability Database".
ποΈ HTTP request smuggling bug patched in mitmproxy ποΈ
π Read
via "The Daily Swig".
Bug exploited inconsistencies between intermediary and backend serversπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
HTTP request smuggling bug patched in mitmproxy
Bug exploited inconsistencies between intermediary and backend servers
βΌ CVE-2021-44751 βΌ
π Read
via "National Vulnerability Database".
A vulnerability affecting F-Secure SAFE browser before March 22, 2022 was discovered. A maliciously crafted website attached with USSD code in JavaScript or iFrame can trigger dialer application from F-Secure browser which can be exploited by an attacker to send unwanted USSD messages or perform unwanted calls. In most modern Android OS, dialer application will require user interaction, however, some older Android OS may not need user interaction.π Read
via "National Vulnerability Database".
β Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch β
π Read
via "Threat Post".
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.π Read
via "Threat Post".
Threat Post
Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
π΄ HR Alone Can't Solve the Great Resignation π΄
π Read
via "Dark Reading".
Here's how IT teams and decision-makers can step up to support the workforce. Creating a culture of feedback and introducing automation can mitigate burnout, inspire employees, and reduce turnover.π Read
via "Dark Reading".
Dark Reading
HR Alone Can't Solve the Great Resignation
Here's how IT teams and decision-makers can step up to support the workforce. Creating a culture of feedback and introducing automation can mitigate burnout, inspire employees, and reduce turnover.
βΌ CVE-2022-1064 βΌ
π Read
via "National Vulnerability Database".
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1040 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.π Read
via "National Vulnerability Database".
ποΈ Four Russian government employees charged over hacking campaigns on critical infrastructure ποΈ
π Read
via "The Daily Swig".
Historical crimes unsealed by US courtsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Four Russian government employees charged over hacking campaigns on critical infrastructure
Historical crimes unsealed by US courts
π1
ποΈ Washington residentsβ medical data exposed by phishing attack on Spokane Regional Health District ποΈ
π Read
via "The Daily Swig".
Medications and test results among data potentially βpreviewedβ by attackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Washington residentsβ medical data exposed by phishing attack on Spokane Regional Health District
Medications and test results among data potentially βpreviewedβ by attacker
βΌ CVE-2022-27227 βΌ
π Read
via "National Vulnerability Database".
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.π Read
via "National Vulnerability Database".
βοΈ Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison βοΈ
π Read
via "Krebs on Security".
An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of "cashing out" access to hacked bank accounts worldwide.π Read
via "Krebs on Security".
Krebs on Security
Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison
An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy careerβ¦
π΄ Here's How Fast Ransomware Encrypts Files π΄
π Read
via "Dark Reading".
New analysis shows how long it takes for each of the top 10 ransomware families to encrypt 100,000 files.π Read
via "Dark Reading".
Dark Reading
Here's How Fast Ransomware Encrypts Files
New analysis shows how long it takes for each of the top 10 ransomware families to encrypt 100,000 files.
π΄ WiCyS Members Now Have access to Cyber Defense Challenge Through Target π΄
π Read
via "Dark Reading".
Target's cybersecurity team has designed a Cyber Defense Challenge exclusively for members of Women in CyberSecurity (WiCyS).π Read
via "Dark Reading".
Dark Reading
WiCyS Members Now Have Access to Cyber Defense Challenge Through Target
Target's cybersecurity team has designed a Cyber Defense Challenge exclusively for members of Women in CyberSecurity (WiCyS).
βΌ CVE-2021-43090 βΌ
π Read
via "National Vulnerability Database".
An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21554 βΌ
π Read
via "National Vulnerability Database".
A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26263 βΌ
π Read
via "National Vulnerability Database".
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43091 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24777 βΌ
π Read
via "National Vulnerability Database".
grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25577 βΌ
π Read
via "National Vulnerability Database".
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25582 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25574 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.π Read
via "National Vulnerability Database".