π΄ Ransomware: Should Companies Ever Pay Up? π΄
π Read
via "Dark Reading".
Ransomware is a major threat, and no business is "too small to target." So what should you do after an attack? Is negotiating with criminals ever the answer?π Read
via "Dark Reading".
Dark Reading
Ransomware: Should Companies Ever Pay Up?
Ransomware is a major threat, and no business is "too small to target." So what should you do after an attack? Is negotiating with criminals ever the answer?
βΌ CVE-2021-43707 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26546 βΌ
π Read
via "National Vulnerability Database".
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43479 βΌ
π Read
via "National Vulnerability Database".
A Remote Code Execution (RCE) vulnerability exists in The-Secretary 2.5 via install.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43722 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.π Read
via "National Vulnerability Database".
π΄ Vulnerabilities in Rockwell Automation PLCs Could Enable Stuxnet-Like Attacks π΄
π Read
via "Dark Reading".
CISA urges organizations using affected technologies to implement recommended mitigation measures.π Read
via "Dark Reading".
Dark Reading
Vulnerabilities in Rockwell Automation PLCs
CISA urges organizations using affected technologies to implement recommended mitigation measures.
βοΈ Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill βοΈ
π Read
via "Krebs on Security".
On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate's most tech-savvy lawmakers said he was troubled by the report and is now asking technology companies and federal agencies for information about the frequency of such schemes.π Read
via "Krebs on Security".
Krebs on Security
Fake Emergency Search Warrants Draw Scrutiny from Capitol Hill
On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. Today, one of the U.S. Senate's mostβ¦
β S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep76: Deadbolt, LAPSUS$, Zlib, and a Chrome 0-day [Podcast]
Latest episode β listen now!
β Two different βVMware Springβ bugs at large β we cut through the confusion β
π Read
via "Naked Security".
Whoever came up with the name "Spring4Shell" didn't help at all... we cut through the Spring Bug confusionπ Read
via "Naked Security".
Naked Security
Two different βVMware Springβ bugs at large β we cut through the confusion
Whoever came up with the name βSpring4Shellβ didnβt help at allβ¦ we cut through the Spring Bug confusion
β Apple pushes out two emergency 0-day updates β get βem now! β
π Read
via "Naked Security".
More Apple zero-days - mobile devices, laptops and desktops affected. Update now!π Read
via "Naked Security".
Naked Security
Apple pushes out two emergency 0-day updates β get βem now!
More Apple zero-days β mobile devices, laptops and desktops affected. Update now!
βΌ CVE-2022-27963 βΌ
π Read
via "National Vulnerability Database".
Xftp 7.0.0088p and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24758 βΌ
π Read
via "National Vulnerability Database".
The Jupyter notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.9, unauthorized actors can access sensitive information from server logs. Anytime a 5xx error is triggered, the auth cookie and other header values are recorded in Jupyter server logs by default. Considering these logs do not require root access, an attacker can monitor these logs, steal sensitive auth/cookie information, and gain access to the Jupyter server. Jupyter notebook version 6.4.x contains a patch for this issue. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24797 βΌ
π Read
via "National Vulnerability Database".
Pomerium is an identity-aware access proxy. In distributed service mode, Pomerium's Authenticate service exposes pprof debug and prometheus metrics handlers to untrusted traffic. This can leak potentially sensitive environmental information or lead to limited denial of service conditions. This issue is patched in version v0.17.1 Workarounds: Block access to `/debug` and `/metrics` paths on the authenticate service. This can be done with any L7 proxy, including Pomerium's own proxy service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46439 βΌ
π Read
via "National Vulnerability Database".
The WinSEGAV AutoConfig service in EG Free Antivirus v2020 suffers from a local privilege escalation vulnerability, due to unquoted paths in the service's executable path.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24794 βΌ
π Read
via "National Vulnerability Database".
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the `requiresAuth` middleware, either directly or through the default `authRequired` option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under `example.com` are protected with the `requiresAuth` middleware, a visit to `http://example.com//google.com` will be redirected to `google.com` after login because the original url reported by the Express framework is not properly sanitized. This vulnerability affects versions prior to 2.7.2. Users are advised to upgrade. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27052 βΌ
π Read
via "National Vulnerability Database".
FreeFtpd version 1.0.13 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24791 βΌ
π Read
via "National Vulnerability Database".
Wasmtime is a standalone JIT-style runtime for WebAssembly, using Cranelift. There is a use after free vulnerability in Wasmtime when both running Wasm that uses externrefs and enabling epoch interruption in Wasmtime. If you are not explicitly enabling epoch interruption (it is disabled by default) then you are not affected. If you are explicitly disabling the Wasm reference types proposal (it is enabled by default) then you are also not affected. The use after free is caused by Cranelift failing to emit stack maps when there are safepoints inside cold blocks. Cold blocks occur when epoch interruption is enabled. Cold blocks are emitted at the end of compiled functions, and change the order blocks are emitted versus defined. This reordering accidentally caused Cranelift to skip emitting some stack maps because it expected to emit the stack maps in block definition order, rather than block emission order. When Wasmtime would eventually collect garbage, it would fail to find live references on the stack because of the missing stack maps, think that they were unreferenced garbage, and therefore reclaim them. Then after the collection ended, the Wasm code could use the reclaimed-too-early references, which is a use after free. Patches have been released in versions 0.34.2 and 0.35.2, which fix the vulnerability. All Wasmtime users are recommended to upgrade to these patched versions. If upgrading is not an option for you at this time, you can avoid the vulnerability by either: disabling the Wasm reference types proposal, config.wasm_reference_types(false); or by disabling epoch interruption if you were previously enabling it. config.epoch_interruption(false).π Read
via "National Vulnerability Database".
βΌ CVE-2022-27049 βΌ
π Read
via "National Vulnerability Database".
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27965 βΌ
π Read
via "National Vulnerability Database".
Xlpd v7.0.0094 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27050 βΌ
π Read
via "National Vulnerability Database".
BitComet Service for Windows before version 1.8.6 contains an unquoted service path vulnerability which allows attackers to escalate privileges to the system level.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27964 βΌ
π Read
via "National Vulnerability Database".
Xmanager v7.0.0096 and below contains a binary hijack vulnerability which allows attackers to execute arbitrary code via a crafted .exe file.π Read
via "National Vulnerability Database".