CVE-2022-1176
via "National Vulnerability Database".
Loose comparison causes IDOR on multiple endpoints in GitHub repository livehelperchat/livehelperchat prior to 3.96.
Critical SQL injection flaw fixed in Rapid7's Nexpose vulnerability scanner
via "The Daily Swig".
Attacks could be mounted via manipulation of query operators in search criteria
A Blockchain Primer and a Bored Ape Headscratcher - Podcast
via "Threat Post".
Mystified? Now's the time to learn about cryptocurrency-associated risks: Listen to KnowBe4's Dr. Lydia Kostopoulos explain blockchain, NFTs and how to stay safe.
Nation-State Hackers Ramp Up Ukraine War-Themed Attacks
via "Dark Reading".
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
via "Threat Post".
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.
World Backup Day: 5 data recovery tips for everyone!
via "Naked Security".
The only backup you will ever regret is the one you didn't make
S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
via "Naked Security".
Latest episode - listen now!
"VMware Spring Cloud" Java bug gives instant remote code execution - update now!
via "Naked Security".
Easy unauthenticated remote code execution - PoC code already out
Naked Security
"VMware Spring Cloud Function" Java bug gives instant remote code execution - update now!
Protecting Your Organization Against a New Class of Cyber Threats: HEAT
via "Dark Reading".
Take a preventative threat approach and apply security measures near end users, applications, and data to increase protection.
Spring4Shell: Spring users face new, zero-day vulnerability
via "The Daily Swig".
Both security bugs are now reportedly being exploited in the wild
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
via "Threat Post".
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of "smart car tech" and EVs surges.
U.S. Election Officials Targeted in Phishing Campaign
via "".
The campaign is part of what the FBI calls "a concerted effort to target US election officials."
Digital Guardian
Two different "VMware Spring" bugs at large - we cut through the confusion
via "Naked Security".
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Belarusian "Ghostwriter" Actor Picks Up BitB for Ukraine-Related Attacks
via "Threat Post".
Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia.
U.S. Cyber Command Adds APUS as Member in Newly Formed Academic Network
via "Dark Reading".
The Academic Engagement Network is designed to advance cybersecurity in four areas.
CVE-2021-34257
via "National Vulnerability Database".
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
CVE-2022-0350
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
CVE-2021-43506
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.
CVE-2021-43505
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.
CVE-2021-43484
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
CVE-2021-42869
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages.