“Dangerous” EU web authentication plan threatens to undercut browser-led certification system, detractors claim
via "The Daily Swig".
Signatories to a letter criticizing EU scheme share their misgivings with The Daily Swig
Zlib data compressor fixes 17-year-old security bug – patch, errrm, now
via "Naked Security".
This code is venerable! Surely all the bugs must be out by now?
SQL injection protections in ImpressCMS could be bypassed to achieve RCE
via "The Daily Swig".
Features designed to protect against SQL injection could be abused and turned against the host application
World Backup Day: 5 data recovery tips for everyone!
via "Naked Security".
The only backup you will ever regret is the one you didn't make
Cloud Security Architecture Needs to Be Strategic, Realistic, and Based on Risk
via "Dark Reading".
Info-Tech Research Group has released a new research blueprint to help organizations plan the components necessary to build a cloud security architecture.
CVE-2022-25619
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in the ping tool of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.
CVE-2022-25620
via "National Vulnerability Database".
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the Group functionality of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to execute arbitrary code on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.
Lapsus$ ‘Back from Vacation’
via "Threat Post".
Lapsus$ added IT giant Globant plus 70GB of leaked data – including admin credentials for scads of customers' DevOps platforms – to its hit list.
Google Chrome Bug Actively Exploited as Zero-Day
via "Threat Post".
The internet giant issued an update for the bug, which is found in the open-source V8 JavaScript engine.
Spring Cloud framework commits patch for code injection flaw
via "The Daily Swig".
A fix appears to have been pushed but is not available in a stable release yet
“VMware Spring Cloud Function” Java bug gives instant remote code execution – update now!
via "Naked Security".
Easy unauthenticated remote code execution – PoC code already out
Cybercriminals Fighting Over Cloud Workloads for Cryptomining
via "Dark Reading".
Whether compromising misconfigured cloud infrastructure or taking advantage of free-tier cloud development platforms, attackers see a vast pool of workloads to use for cryptomining.
Smart Cities: Secure by Design? It Takes a Village
via "Dark Reading".
Smart-city security breaches have potentially very serious consequences – they can be economically devastating and even life-threatening, if handled wrong.
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
via "Threat Post".
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
CVE-2021-39751
via "National Vulnerability Database".
In Settings, there is a possible way to read Bluetooth device names without proper permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-172838801
CVE-2021-39758
via "National Vulnerability Database".
In WindowManager, there is a possible way to start a foreground activity from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-205130886
CVE-2021-39755
via "National Vulnerability Database".
In DevicePolicyManager, there is a possible way to reveal the existence of an installed package without proper query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-204995407
CVE-2021-39784
via "National Vulnerability Database".
In CellBroadcastReceiver, there is a possible path to enable specific cellular features due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-200163477
CVE-2021-39739
via "National Vulnerability Database".
In ArrayMap, there is a possible leak of the content of SMS messages due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-184525194
CVE-2021-39742
via "National Vulnerability Database".
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-186405602
CVE-2021-39779
via "National Vulnerability Database".
In getCallStateUsingPackage of Telecom Service, there is a missing permission check. This could lead to local information disclosure of the call state with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-190400974