Nation-State Hackers Ramp Up Ukraine War-Themed Attacks
via "Dark Reading".
Among them is the operator of the Ghostwriter misinformation campaign, with a new browser-in-browser phishing technique, according to Google's research team.
QNAP Customers Adrift, Waiting on Fix for OpenSSL Bug
via "Threat Post".
QNAP is warning clients that a recently disclosed vulnerability affects most of its NAS devices, with no mitigation available while the vendor readies a patch.
World Backup Day: 5 data recovery tips for everyone!
via "Naked Security".
The only backup you will ever regret is the one you didn't make
S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
via "Naked Security".
Latest episode - listen now!
“VMware Spring Cloud” Java bug gives instant remote code execution – update now!
via "Naked Security".
Easy unauthenticated remote code execution - PoC code already out
Protecting Your Organization Against a New Class of Cyber Threats: HEAT
via "Dark Reading".
Take a preventative threat approach and apply security measures near end users, applications, and data to increase protection.
Spring4Shell: Spring users face new, zero-day vulnerability
via "The Daily Swig".
Both security bugs are now reportedly being exploited in the wild
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
via "Threat Post".
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of “smart car tech” and EVs surges.
U.S. Election Officials Targeted in Phishing Campaign
via "Digital Guardian".
The campaign is part of what the FBI calls "a concerted effort to target US election officials."
Two different “VMware Spring” bugs at large – we cut through the confusion
via "Naked Security".
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Belarusian “Ghostwriter” Actor Picks Up BitB for Ukraine-Related Attacks
via "Threat Post".
Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia.
U.S. Cyber Command Adds APUS as Member in Newly Formed Academic Network
via "Dark Reading".
The Academic Engagement Network is designed to advance cybersecurity in four areas.
CVE-2021-34257
via "National Vulnerability Database".
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
CVE-2022-0350
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
CVE-2021-43506
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.
CVE-2021-43505
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.
CVE-2021-43484
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
CVE-2021-42869
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages.
CVE-2021-43478
via "National Vulnerability Database".
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
CVE-2021-42868
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages.
CVE-2021-42866
via "National Vulnerability Database".
A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php.