Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
via "Threat Post".
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of "smart car tech" and EVs surges.
U.S. Election Officials Targeted in Phishing Campaign
via "Digital Guardian".
The campaign is part of what the FBI calls "a concerted effort to target US election officials."
Two different "VMware Spring" bugs at large - we cut through the confusion
via "Naked Security".
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusion
Belarusian "Ghostwriter" Actor Picks Up BitB for Ukraine-Related Attacks
via "Threat Post".
Ghostwriter is one of 3 campaigns using war-themed attacks, with cyber-fire coming in from government-backed actors in China, Iran, North Korea & Russia.
U.S. Cyber Command Adds APUS as Member in Newly Formed Academic Network
via "Dark Reading".
The Academic Engagement Network is designed to advance cybersecurity in four areas.
CVE-2021-34257
via "National Vulnerability Database".
Multiple Remote Code Execution (RCE) vulnerabilities exist in WPanel 4 4.3.1 and below via a malicious PHP file upload to (1) Dashboard's Avatar image, (2) Posts Folder image, (3) Pages Folder image and (4) Gallery Folder image.
CVE-2022-0350
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 3.8.13.
CVE-2021-43506
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the password parameter in Login.php.
CVE-2021-43505
via "National Vulnerability Database".
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.
CVE-2021-43484
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in Simple Client Management System 1.0 in create.php due to the failure to validate the extension of the file being sent in a request.
CVE-2021-42869
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages.
CVE-2021-43478
via "National Vulnerability Database".
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
CVE-2021-42868
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages.
CVE-2021-42866
via "National Vulnerability Database".
A Cross Site Scripting vulnerability exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php.
CVE-2022-22311
via "National Vulnerability Database".
IBM Security Verify Access could allow a user, using man in the middle techniques, to obtain sensitive information or possibly change some information due to improper validation of JWT tokens.
CVE-2021-42867
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages.
CVE-2021-36625
via "National Vulnerability Database".
An SQL Injection vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed version is 14.0.0) via a POST request to the country_id parameter in an UPDATE statement.
CVE-2021-42946
via "National Vulnerability Database".
A Cross Site Scripting (XSS) vulnerability exists in htmly 2.8.1 via the Copyright field in the /admin/config page.
CVE-2021-37517
via "National Vulnerability Database".
An Access Control vulnerability exists in Dolibarr ERP/CRM 13.0.2, fixed version is 14.0.0, in the forgot-password function because the application allows email addresses as usernames, which can cause a Denial of Service.
Global BEC Crackdown Nets 65 Suspects
via "Dark Reading".
FBI and international law enforcement agencies execute "Operation Eagle Sweep."
Ransomware: Should Companies Ever Pay Up?
via "Dark Reading".
Ransomware is a major threat, and no business is "too small to target." So what should you do after an attack? Is negotiating with criminals ever the answer?