CVE-2020-29013
via "National Vulnerability Database".
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.
Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info
via "Threat Post".
Threat actors target Office 365 and Google Workspace in a new campaign, which uses a legitimate domain associated with a road-safety center in Moscow to send messages.
UK retailer The Works blames store closures on POS problems following cyber-attack
via "The Daily Swig".
Discount chain is working to restore stock deliveries
Why XDR As We Know It Will Fail
via "Dark Reading".
Don't take the XDR hype at face value. Do security due diligence and add a connectivity level for data access across all silos for best response.
CVE-2022-1253
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to 1.0.8.
Authorities seize Hydra servers in bust against darknet cybercrime marketplace
via "The Daily Swig".
Wretched hive of villainy shut down
Serious Security: Darkweb drugs market Hydra taken offline by German police
via "Naked Security".
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...
CVE-2022-24786
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI (Reference Picture Selection Indication) packet, but any app that directly uses `pjmedia_rtcp_fb_parse_rpsi()` will be affected. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
CVE-2022-27108
via "National Vulnerability Database".
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point `symfony/web/index.php/time/createTimesheet`. Any user can create a timesheet in another user's account.
CVE-2022-24793
via "National Vulnerability Database".
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead.
CVE-2022-27109
via "National Vulnerability Database".
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.
CVE-2022-27110
via "National Vulnerability Database".
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint.
CVE-2022-27107
via "National Vulnerability Database".
OrangeHRM 4.10 is vulnerable to Stored XSS in the "Share Video" section under "OrangeBuzz" via the GET/POST "createVideo[linkAddress]" parameter.
Linux Systems Are Becoming Bigger Targets
via "Dark Reading".
To prevent Linux exploits, organizations should establish an integrated security approach that extends to the network edge.
FBI-Led Operation Disrupts Russian GRU Botnet
via "Dark Reading".
"Cyclops Blink" operation disabled firewalls behind the Sandworm hacking team's network of infected victim devices.
The Original APT: Advanced Persistent Teenagers
via "Krebs on Security".
Many organizations are already struggling to combat cybersecurity threats from ransomware purveyors and state-sponsored hacking groups, both of which tend to take days or weeks to pivot from an opportunistic malware infection to a full blown data breach. But few organizations have a playbook for responding to the kinds of virtual "smash and grab" attacks we've seen recently from LAPSUS$, a juvenile data extortion group whose short-lived, low-tech and remarkably effective tactics are putting some of the world's biggest corporations on edge.
CVE-2021-32585
via "National Vulnerability Database".
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests.
CVE-2021-26116
via "National Vulnerability Database".
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.
CVE-2021-26113
via "National Vulnerability Database".
A use of a one-way hash with a predictable salt vulnerability [CWE-760] in FortiWAN before 4.5.9 may allow an attacker who has previously come in possession of the password file to potentially guess passwords therein stored.
CVE-2021-43138
via "National Vulnerability Database".
A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
CVE-2021-22127
via "National Vulnerability Database".
An improper input validation vulnerability in FortiClient for Linux 6.4.x before 6.4.3, FortiClient for Linux 6.2.x before 6.2.9 may allow an unauthenticated attacker to execute arbitrary code on the host operating system as root via tricking the user into connecting to a network with a malicious name.