CVE-2022-27950
via "National Vulnerability Database".
In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition.
UK police arrest 7 hacking suspects: have they bust the LAPSUS$ gang?
via "Naked Security".
Seven alleged hackers have been arrested in the UK. But who are they, and which hacking crew are they from?
FCC adds Kaspersky products to list of national security threats as Russian invasion of Ukraine continues
via "The Daily Swig".
Russian antivirus vendor cited in expanded guidance
Security's Life Cycle Isn't the Developers' Life Cycle
via "Dark Reading".
Whether it's PCI-DSS, SSDLC, or GDPR, the criteria that security standards expect businesses to uphold are neither realistic nor feasible.
Google Chrome patches mysterious new zero-day bug: update now
via "Naked Security".
CVE-2022-1096 - another mystery in-the-wild 0-day in Chrome... check your version now!
CVE-2022-23884
via "National Vulnerability Database".
Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bounds check bypass caused by PurchaseReceiptPacket::_read (packet deserializer).
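The advisory names the pattern but not the check, so the following is an added illustration and not Mojang's code: a length-prefixed field reader whose bounds check is written as `offset + length > buf_len` with uint32 operands (modelled in Python by masking the sum to 32 bits), beside a check that compares against the remaining space and therefore cannot wrap. The packet layout and the sample packets are constructed for the example and are not real Bedrock protocol data.

```python
import struct

U32_MASK = 0xFFFFFFFF


def check_length_wrapping(buf_len: int, offset: int, length: int) -> bool:
    """Models the C check `if (offset + length > buf_len) fail;` with uint32
    operands: the sum wraps modulo 2**32 before the comparison, so a huge
    length can make the sum small and slip past the check."""
    return ((offset + length) & U32_MASK) <= buf_len


def check_length_safe(buf_len: int, offset: int, length: int) -> bool:
    """Compares against the remaining space instead of forming the sum,
    so no intermediate value can overflow."""
    return offset <= buf_len and length <= buf_len - offset


def parse_length_prefixed_field(buf: bytes, pos: int, check) -> tuple:
    """Reads a little-endian u32 length at `pos` and asks `check` whether a
    copy of `length` bytes starting right after it fits inside `buf`.
    Returns (accepted, length) so the two checks can be compared."""
    if pos + 4 > len(buf):
        return False, 0
    (length,) = struct.unpack_from("<I", buf, pos)
    data_offset = pos + 4
    return check(len(buf), data_offset, length), length


# Constructed sample packets (not real protocol data).
GOOD_PACKET = struct.pack("<I", 3) + b"abc"
# Length chosen so that 4 + length == 2**32, which wraps to 0 in uint32.
WRAP_PACKET = struct.pack("<I", (1 << 32) - 4) + b"abc"
# Plain over-long length: both checks reject this one.
LONG_PACKET = struct.pack("<I", 100) + b"abc"


def compare(packet: bytes) -> dict:
    """Run both checks over one packet and report what each one decided."""
    wrap_ok, length = parse_length_prefixed_field(packet, 0, check_length_wrapping)
    safe_ok, _ = parse_length_prefixed_field(packet, 0, check_length_safe)
    return {"length": length, "wrapping_check": wrap_ok, "safe_check": safe_ok}


if __name__ == "__main__":
    for name, pkt in [("good", GOOD_PACKET), ("wrap", WRAP_PACKET), ("long", LONG_PACKET)]:
        print(name, compare(pkt))
```

The wrapping check accepts WRAP_PACKET even though the declared length is about 4 GiB; in native code the copy that follows would read far past the buffer. The safe form subtracts rather than adds, which is the usual fix for this class of deserializer bug.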
CVE-2022-23882
via "National Vulnerability Database".
TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.
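The advisory gives only the affected controller, so this is an added example of the bug class rather than TuziCMS code (which is PHP): a banner lookup that interpolates the request parameter into the statement, beside one that validates the type and binds the value. The table, column names and rows are constructed for the example and run against an in-memory SQLite database.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for a CMS banner table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE banner (id INTEGER PRIMARY KEY, title TEXT, url TEXT)")
    conn.executemany(
        "INSERT INTO banner (title, url) VALUES (?, ?)",
        [("home", "/"), ("promo", "/promo"), ("hidden", "/staff-only")],
    )
    conn.commit()
    return conn


def get_banner_vulnerable(conn: sqlite3.Connection, banner_id: str) -> list:
    """The request parameter is pasted into the statement text, so the
    caller controls the WHERE clause (and, with UNION, the result set)."""
    sql = f"SELECT id, title FROM banner WHERE id = {banner_id}"
    return conn.execute(sql).fetchall()


def get_banner_hardened(conn: sqlite3.Connection, banner_id: str) -> list:
    """Validate the type first, then bind the value; the parameter can never
    change the structure of the statement."""
    try:
        bid = int(banner_id)
    except (TypeError, ValueError):
        return []
    return conn.execute("SELECT id, title FROM banner WHERE id = ?", (bid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(get_banner_vulnerable(db, "1 OR 1=1"))  # every row, including the hidden one
    print(get_banner_hardened(db, "1 OR 1=1"))    # rejected before it reaches SQL
```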
CVE-2021-46434
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api/v3/auth" interface. When a user logs in, the application returns different results depending on whether the account exists, which allows an attacker to determine whether a given username is valid.
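As an added example (not EMQ X code), the following models the failure mode the advisory describes and the fix: a login handler whose failure message depends on whether the username exists, a hardened handler that returns one generic failure and always performs the password verification so unknown and known usernames do the same work, and a probe of the kind a pentester would run to confirm enumeration. The user store, salt and passwords are constructed for the example.

```python
import hashlib
import hmac
import os

SALT = b"constructed-demo-salt"


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


# Constructed user store with a single real account.
USERS = {"admin": hash_password("correct horse battery staple")}
# Dummy hash so that unknown usernames still pay for a full verification.
DUMMY_HASH = hash_password(os.urandom(16).hex())


def login_vulnerable(username: str, password: str) -> tuple:
    """Distinct failure messages reveal whether the username exists."""
    stored = USERS.get(username)
    if stored is None:
        return 401, "user does not exist"
    if not hmac.compare_digest(stored, hash_password(password)):
        return 401, "wrong password"
    return 200, "ok"


def login_hardened(username: str, password: str) -> tuple:
    """One generic failure response; verification runs on every path."""
    stored = USERS.get(username, DUMMY_HASH)
    password_ok = hmac.compare_digest(stored, hash_password(password))
    if username in USERS and password_ok:
        return 200, "ok"
    return 401, "invalid username or password"


def enumerate_users(login, candidates, probe_password="not-the-password") -> list:
    """Probe: any candidate whose failure response differs from that of a
    username known not to exist is confirmed to be a valid account."""
    baseline = login("no-such-user-7f3a", probe_password)
    return [u for u in candidates if login(u, probe_password) != baseline]


if __name__ == "__main__":
    names = ["root", "admin", "test", "operator"]
    print(enumerate_users(login_vulnerable, names))
    print(enumerate_users(login_hardened, names))
```

The probe compares the whole (status, body) pair; in practice response length and timing are compared too, which is why the hardened handler hashes on every path rather than returning early.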
CVE-2021-43725
via "National Vulnerability Database".
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
CVE-2022-0342
via "National Vulnerability Database".
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4 could allow an attacker to bypass the web authentication and obtain administrative access to the device.
ENISA urges data-handling innovation amid growing tide of healthcare breaches
via "The Daily Swig".
Infosec agency sets out use cases for clinical trials, data exchange, and connected devices
Attackers getting faster at latching onto unpatched vulnerabilities for stealth hacking campaigns: report
via "The Daily Swig".
Enterprises need to be ready with "battle-tested incident response procedures" as zero-day exploitation ramps up
CVE-2021-43721
via "National Vulnerability Database".
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with the payload: <video src=x onerror=(function(){require('child_process').exec('calc');})();>
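The quoted payload shows why a stored XSS in a note renderer becomes code execution: page script can reach `require`, so an `onerror` handler spawns a process. Keeping Node APIs away from rendered content is one half of the fix; the other is not letting attacker markup through. As an added example (not Leanote code), the following is an allowlist sanitizer for HTML produced from markdown, built on the standard library parser: it drops every tag not on the list, drops every `on*` attribute, and drops `href`/`src` values that do not start with a safe scheme. The tag and attribute lists are assumptions for the example.

```python
from html import escape
from html.parser import HTMLParser

# Allowlist for HTML rendered from notes (constructed for this example).
ALLOWED_TAGS = {"p", "br", "b", "i", "em", "strong", "code", "pre", "ul", "ol", "li", "a", "img"}
VOID_TAGS = {"br", "img"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt"}}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:")


class AllowlistSanitizer(HTMLParser):
    """Re-emits only allowlisted tags and attributes. Other tags vanish (their
    text content is kept, escaped); event-handler attributes and javascript:
    or data: URLs never survive."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts = []

    def _emit_open(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                continue  # onerror, onclick, onload, ...
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in ("href", "src") and not value.strip().lower().startswith(SAFE_URL_PREFIXES):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.parts.append(f"<{tag}{''.join(kept)}>")

    def handle_starttag(self, tag, attrs):
        self._emit_open(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._emit_open(tag, attrs)

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.parts.append(f"</{tag}>")

    def handle_data(self, data):
        self.parts.append(escape(data))


def sanitize(html: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.parts)


# The advisory's payload plus benign markup, as constructed test input.
PAYLOAD = "<video src=x onerror=(function(){require('child_process').exec('calc');})();>"
BENIGN = '<p>Hi <b>there</b> <a href="https://example.com" onclick="evil()">link</a></p>'

if __name__ == "__main__":
    print(repr(sanitize(PAYLOAD)))
    print(sanitize(BENIGN))
```

Run on the payload, the `video` element is not on the list and is dropped whole; on the benign markup only the `onclick` attribute is removed. A sanitizer like this belongs after the markdown renderer, on the final HTML, since markdown itself passes raw HTML through.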
CVE-2021-44103
via "National Vulnerability Database".
Vertical privilege escalation in KONGA 0.14.9 allows attackers to elevate lower-privileged users to full administration access. The attack vector is a crafted request, as demonstrated by the ADMIN parameter of /api/user/{ID}.
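The vector described (a privilege flag accepted in a user-update request) is the mass-assignment pattern. As an added example, not Konga code, the following shows an update handler that checks only whether the caller may edit the record and then writes every submitted field, beside one that derives a field allowlist from the caller's privilege and rejects anything outside it. The user table and the assumption that the advisory's ADMIN parameter corresponds to an `admin` field on the record are constructed for the example.

```python
from copy import deepcopy

# Constructed user table: id -> record. The "admin" field stands in for the
# advisory's ADMIN parameter (assumption made for this example).
USERS = {
    1: {"username": "root", "email": "root@example.org", "admin": True},
    2: {"username": "alice", "email": "alice@example.org", "admin": False},
}

SELF_EDITABLE = {"username", "email"}  # any user may change these on their own record
ADMIN_ONLY = {"admin"}                  # only an admin may set these


def fresh_users() -> dict:
    return deepcopy(USERS)


def update_user_vulnerable(users: dict, actor_id: int, target_id: int, body: dict) -> int:
    """Access control on the route only: once the caller may edit the record,
    every submitted field is written, including the privilege flag."""
    actor = users[actor_id]
    if actor_id != target_id and not actor["admin"]:
        return 403
    users[target_id].update(body)
    return 200


def update_user_hardened(users: dict, actor_id: int, target_id: int, body: dict) -> int:
    """Field-level allowlist derived from the caller's privilege; unexpected
    fields are rejected outright rather than silently ignored."""
    actor = users[actor_id]
    if actor_id != target_id and not actor["admin"]:
        return 403
    allowed = SELF_EDITABLE | (ADMIN_ONLY if actor["admin"] else set())
    if set(body) - allowed:
        return 400
    users[target_id].update({k: v for k, v in body.items() if k in allowed})
    return 200


def demo(handler) -> bool:
    """Does a non-admin (id 2) end up as admin after editing her own record?"""
    users = fresh_users()
    handler(users, 2, 2, {"email": "alice@evil.example", "admin": True})
    return users[2]["admin"]


if __name__ == "__main__":
    print("vulnerable:", demo(update_user_vulnerable))
    print("hardened:  ", demo(update_user_hardened))
```

Rejecting unknown fields with 400 rather than dropping them is deliberate: a silently ignored field hides probing attempts from the logs.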
Critical Sophos Security Bug Allows RCE on Firewalls
via "Threat Post".
The security vendor's appliance suffers from an authentication-bypass issue.
CVE-2021-44124
via "National Vulnerability Database".
Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to directory traversal. The HTTP server does not sufficiently sanitize input when serving data from the SD card, so an attacker can navigate the device's file system over HTTP.
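As an added example of the bug class, not Hiby firmware code, the following resolves an HTTP request path against a document root in two ways: a naive join, which lets `..` segments and percent-encoded dots walk out of the root and lets an absolute path replace it entirely, and a containment check that decodes, strips the leading slash, resolves symlinks and `..` with `realpath`, and then requires the result to still lie under the root. The root path is an assumption standing in for the SD card mount.

```python
import os
from urllib.parse import unquote

# Hypothetical document root standing in for the SD card mount (assumption).
SD_ROOT = "/media/sdcard"


def serve_path_vulnerable(root: str, request_path: str) -> str:
    """Joins the decoded request path onto the root with no containment check.
    '..' segments walk out of the root, and an absolute request path discards
    the root entirely (os.path.join semantics)."""
    return os.path.normpath(os.path.join(root, unquote(request_path)))


def serve_path_hardened(root: str, request_path: str):
    """Decode, drop the leading slash so join cannot be hijacked, resolve with
    realpath, then require the result to be inside root. Returns None for
    anything outside. commonpath is used rather than startswith so that a
    sibling such as /media/sdcard-other is not mistaken for a child."""
    root = os.path.realpath(root)
    relative = unquote(request_path).lstrip("/")
    candidate = os.path.realpath(os.path.join(root, relative))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed request paths of the kind a traversal probe would send.
    for req in ["music/song.mp3", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"]:
        print(f"{req!r:32} naive={serve_path_vulnerable(SD_ROOT, req)!r:24} "
              f"checked={serve_path_hardened(SD_ROOT, req)!r}")
```

Note that the hardened version maps an absolute request such as `/etc/passwd` to `etc/passwd` under the root rather than refusing it; that is the behaviour a static file server wants, since the path is then only ever served from the card.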
Okta Says It Goofed in Handling the Lapsus$ Attack
via "Threat Post".
"We made a mistake," Okta said, owning up to its responsibility for security incidents that hit its service providers and potentially its own customers.
Vodafone Portugal: The Attack on Brand Reputations and Public Confidence Through Cybercrime
via "Dark Reading".
Companies must prepare effective, data-driven threat-response strategies as they monitor for reputational risks as well as cyberattacks.
Google: Update Chrome Now to Fix Zero-Day
via "Digital Guardian".
An emergency update for Google Chrome, released Friday, fixes a zero-day that's being exploited in attacks.
CVE-2022-1056
via "National Vulnerability Database".
An out-of-bounds read in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial of service via a crafted TIFF file. For users who compile libtiff from source, the fix is available in commit 46dc8fcd.
CVE-2022-26980
via "National Vulnerability Database".
Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO.