βΌ CVE-2022-26909 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26912.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26895 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26891 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26908, CVE-2022-26909, CVE-2022-26912.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26908 βΌ
π Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24475, CVE-2022-26891, CVE-2022-26894, CVE-2022-26895, CVE-2022-26900, CVE-2022-26909, CVE-2022-26912.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28116 βΌ
π Read
via "National Vulnerability Database".
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28468 βΌ
π Read
via "National Vulnerability Database".
Payroll Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.π Read
via "National Vulnerability Database".
π΄ Developers Increasingly Prioritize Secure Coding π΄
π Read
via "Dark Reading".
But "old habits are hard to break," with 48% of developers still shipping code with vulnerabilities.π Read
via "Dark Reading".
Dark Reading
Developers Increasingly Prioritize Secure Coding
But "old habits are hard to break," with 48% of developers still shipping code with vulnerabilities.
β Firefox 99 is out β no major bugs, but update anyway! β
π Read
via "Naked Security".
Firefox's four-weekly updates just dropped - here's what you need to know.π Read
via "Naked Security".
Naked Security
Firefox 99 is out β no major bugs, but update anyway!
Firefoxβs four-weekly updates just dropped β hereβs what you need to know.
β Googleβs monthly Android updates patch numerous βget rootβ holes β
π Read
via "Naked Security".
Get the update now... if it's available for your phone. Here's how to check.π Read
via "Naked Security".
Naked Security
Googleβs monthly Android updates patch numerous βget rootβ holes
Get the update nowβ¦ if itβs available for your phone. Hereβs how to check.
π΄ Microsoft Details New Security Features for Windows 11 π΄
π Read
via "Dark Reading".
Security features to come include a TPM-like security processor for protecting artifacts that a computer uses during the secure boot-up process, as well as a control for blocking unsigned and untrusted apps.π Read
via "Dark Reading".
Dark Reading
Microsoft Details New Security Features for Windows 11
Security features to come include a TPM-like security processor for protecting artifacts that a computer uses during the secure boot-up process, as well as a control for blocking unsigned and untrusted apps.
βΌ CVE-2022-23446 βΌ
π Read
via "National Vulnerability Database".
A improper control of a resource through its lifetime in Fortinet FortiEDR version 5.0.3 and earlier allows attacker to make the whole application unresponsive via changing its root directory access permission.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23441 βΌ
π Read
via "National Vulnerability Database".
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiEDR versions 5.0.2, 5.0.1, 5.0.0, 4.0.0 may allow an unauthenticated attacker on the network to disguise as and forge messages from other collectors.π Read
via "National Vulnerability Database".
βΌ CVE-2020-29013 βΌ
π Read
via "National Vulnerability Database".
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.π Read
via "National Vulnerability Database".
β Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info β
π Read
via "Threat Post".
Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.π Read
via "Threat Post".
Threat Post
Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info
Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.
ποΈ UK retailer The Works blames store closures on POS problems following cyber-attack ποΈ
π Read
via "The Daily Swig".
Discount chain is working to restore stock deliveriesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
UK retailer The Works blames store closures on POS problems following cyber-attack
Discount chain is working to restore stock deliveries
π΄ Why XDR As We Know It Will Fail π΄
π Read
via "Dark Reading".
Don't take the XDR hype at face value. Do security due diligence and add a connectivity level for data access across all silos for best response.π Read
via "Dark Reading".
Dark Reading
Why XDR As We Know It Will Fail
Don't take the XDR hype at face value. Do security due diligence and add a connectivity level for data access across all silos for best response.
βΌ CVE-2022-1253 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to 1.0.8.π Read
via "National Vulnerability Database".
ποΈ Authorities seize Hydra servers in bust against darknet cybercrime marketplace ποΈ
π Read
via "The Daily Swig".
Wretched hive of villainy shut downπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Authorities seize Hydra servers in bust against darknet cybercrime marketplace
Wretched hive of villainy shut down
β Serious Security: Darkweb drugs market Hydra taken offline by German police β
π Read
via "Naked Security".
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...π Read
via "Naked Security".
Naked Security
Serious Security: Darkweb drugs market Hydra taken offline by German police
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain Englishβ¦
βΌ CVE-2022-24786 βΌ
π Read
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses pjmedia_rtcp_fb_parse_rpsi() will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27108 βΌ
π Read
via "National Vulnerability Database".
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.π Read
via "National Vulnerability Database".