π΄ HR Alone Can't Solve the Great Resignation π΄
π Read
via "Dark Reading".
Here's how IT teams and decision-makers can step up to support the workforce. Creating a culture of feedback and introducing automation can mitigate burnout, inspire employees, and reduce turnover.π Read
via "Dark Reading".
Dark Reading
HR Alone Can't Solve the Great Resignation
Here's how IT teams and decision-makers can step up to support the workforce. Creating a culture of feedback and introducing automation can mitigate burnout, inspire employees, and reduce turnover.
βΌ CVE-2022-1064 βΌ
π Read
via "National Vulnerability Database".
SQL injection through marking blog comments on bulk as spam in GitHub repository forkcms/forkcms prior to 5.11.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1040 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.π Read
via "National Vulnerability Database".
ποΈ Four Russian government employees charged over hacking campaigns on critical infrastructure ποΈ
π Read
via "The Daily Swig".
Historical crimes unsealed by US courtsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Four Russian government employees charged over hacking campaigns on critical infrastructure
Historical crimes unsealed by US courts
π1
ποΈ Washington residentsβ medical data exposed by phishing attack on Spokane Regional Health District ποΈ
π Read
via "The Daily Swig".
Medications and test results among data potentially βpreviewedβ by attackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Washington residentsβ medical data exposed by phishing attack on Spokane Regional Health District
Medications and test results among data potentially βpreviewedβ by attacker
βΌ CVE-2022-27227 βΌ
π Read
via "National Vulnerability Database".
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.π Read
via "National Vulnerability Database".
βοΈ Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison βοΈ
π Read
via "Krebs on Security".
An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy career of "cashing out" access to hacked bank accounts worldwide.π Read
via "Krebs on Security".
Krebs on Security
Estonian Tied to 13 Ransomware Attacks Gets 66 Months in Prison
An Estonian man was sentenced today to more than five years in a U.S. prison for his role in at least 13 ransomware attacks that caused losses of approximately $53 million. Prosecutors say the accused also enjoyed a lengthy careerβ¦
π΄ Here's How Fast Ransomware Encrypts Files π΄
π Read
via "Dark Reading".
New analysis shows how long it takes for each of the top 10 ransomware families to encrypt 100,000 files.π Read
via "Dark Reading".
Dark Reading
Here's How Fast Ransomware Encrypts Files
New analysis shows how long it takes for each of the top 10 ransomware families to encrypt 100,000 files.
π΄ WiCyS Members Now Have access to Cyber Defense Challenge Through Target π΄
π Read
via "Dark Reading".
Target's cybersecurity team has designed a Cyber Defense Challenge exclusively for members of Women in CyberSecurity (WiCyS).π Read
via "Dark Reading".
Dark Reading
WiCyS Members Now Have Access to Cyber Defense Challenge Through Target
Target's cybersecurity team has designed a Cyber Defense Challenge exclusively for members of Women in CyberSecurity (WiCyS).
βΌ CVE-2021-43090 βΌ
π Read
via "National Vulnerability Database".
An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21554 βΌ
π Read
via "National Vulnerability Database".
A File Deletion vulnerability exists in TinyShop 3.1.1 in the back_list parameter in controllers\admin.php, which could let a malicious user delete any file such as install.lock to reinstall cms.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26263 βΌ
π Read
via "National Vulnerability Database".
Yonyou u8 v13.0 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability via the component /u8sl/WebHelp.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43091 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vlnerability exits in Yeswiki doryphore 20211012 via the email parameter in the registration form.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24777 βΌ
π Read
via "National Vulnerability Database".
grpc-swift is the Swift language implementation of gRPC, a remote procedure call (RPC) framework. Prior to version 1.7.2, a grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This is due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is high as the server will crash, dropping all in flight connections and requests. This issue is fixed in version 1.7.2. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25577 βΌ
π Read
via "National Vulnerability Database".
ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25582 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the Column module of ClassCMS v2.5 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Articles field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25574 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46426 βΌ
π Read
via "National Vulnerability Database".
phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality.π Read
via "National Vulnerability Database".
π Friday Five 3/25 π
π Read
via "".
Two nation-state hacking campaigns revealed, gauging federal cyber collaboration, and more - catch up on the news of the week with the Friday Five!π Read
via "".
Digital Guardian
Friday Five 3/25
Two nation-state hacking campaigns revealed, gauging federal cyber collaboration, and more - catch up on the news of the week with the Friday Five!
π΄ How Do I Demonstrate the ROI of My Security Program? π΄
π Read
via "Dark Reading".
Security teams must shift away from saying no, align security initiatives to business goals, and report metrics in a way business leaders can understand.π Read
via "Dark Reading".
Dark Reading
How Do I Demonstrate the ROI of My Security Program?
Security teams must shift away from saying no, align security initiatives to business goals, and report metrics in a way business leaders can understand.
βΌ CVE-2022-1049 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.π Read
via "National Vulnerability Database".