S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
via "Naked Security".
Latest episode - listen now!

"VMware Spring Cloud Function" Java bug gives instant remote code execution - update now!
via "Naked Security".
Easy unauthenticated remote code execution - PoC code already out

Protecting Your Organization Against a New Class of Cyber Threats: HEAT
via "Dark Reading".
Take a preventative threat approach and apply security measures near end users, applications, and data to increase protection.

Spring4Shell: Spring users face new, zero-day vulnerability
via "The Daily Swig".
Both security bugs are now reportedly being exploited in the wild

Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
via "Threat Post".
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of "smart car tech" and EVs surges.

U.S. Election Officials Targeted in Phishing Campaign
via "Digital Guardian".
The campaign is part of what the FBI calls "a concerted effort to target US election officials."

Two different "VMware Spring" bugs at large - we cut through the confusion
via "Naked Security".
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion

Belarusian "Ghostwriter" Actor Picks Up BitB for Ukraine-Related Attacks
via "Threat Post".
Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia.

U.S. Cyber Command Adds APUS as Member in Newly Formed Academic Network
via "Dark Reading".
The Academic Engagement Network is designed to advance cybersecurity in four areas.

CVE-2021-34257
via "National Vulnerability Database".
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.

CVE-2022-0350
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.

CVE-2021-43506
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.

CVE-2021-43505
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.

CVE-2021-43484
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.

CVE-2021-42869
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages.

CVE-2021-43478
via "National Vulnerability Database".
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.

CVE-2021-42868
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages.

CVE-2021-42866
via "National Vulnerability Database".
A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php.

CVE-2022-22311
via "National Vulnerability Database".
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens.

CVE-2021-42867
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages.

CVE-2021-36625
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.