βΌ CVE-2022-20782 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20754 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the underlying operating system of an affected device as the root user. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20741 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web-based management interface of the Network Diagrams application for Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
π U.S. Disrupts Russian Botnet π
π Read
via "".
The Cyclops Blink botnet, which the U.S. has removed from vulnerable internet-connected firewall devices, been linked to the Russian hacking group Sandworm.π Read
via "".
Digital Guardian
U.S. Disrupts Russian Botnet
The Cyclops Blink botnet, which the U.S. has removed from vulnerable internet-connected firewall devices, been linked to the Russian hacking group Sandworm.
π΄ Eliminating Passwords: One Way Forward π΄
π Read
via "Dark Reading".
Fast Identity Online (FIDO) technology leverages security keys and biometrics to provide secure authentication.π Read
via "Dark Reading".
Dark Reading
Eliminating Passwords: One Way Forward
Fast Identity Online (FIDO) technology leverages security keys and biometrics to provide secure authentication.
π΄ Nearly 40% of Macs Left Exposed to Two Zero-Day Exploits π΄
π Read
via "Dark Reading".
Apple's emergency fixes last week for two actively exploited vulnerabilities neglected previous Big Sur and Catalina versions of macOS, security vendor says.π Read
via "Dark Reading".
Dark Reading
Nearly 40% of Macs Left Exposed to 2 Zero-Day Exploits
Apple's emergency fixes last week for two actively exploited vulnerabilities neglected previous Big Sur and Catalina versions of macOS, security vendor says.
βΌ CVE-2022-26607 βΌ
π Read
via "National Vulnerability Database".
A remote code execution (RCE) vulnerability in baigo CMS v3.0-alpha-2 was discovered to allow attackers to execute arbitrary code via uploading a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26591 βΌ
π Read
via "National Vulnerability Database".
FANTEC GmbH MWiD25-DS Firmware v2.000.030 allows unauthenticated attackers to access and download arbitrary files via a crafted GET request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26613 βΌ
π Read
via "National Vulnerability Database".
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26605 βΌ
π Read
via "National Vulnerability Database".
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality.π Read
via "National Vulnerability Database".
π΄ Zoom's Bug Bounty Programs Soar to $1.8M π΄
π Read
via "Dark Reading".
Like other software-reliant firms, the company raised its rewards to spur additional scrutiny by security researchers.π Read
via "Dark Reading".
Dark Reading
Zoom's Bug Bounty Programs Soar to $1.8M
Like other software-reliant firms, the company raised its rewards to spur additional scrutiny by security researchers.
π΄ Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report" π΄
π Read
via "Dark Reading".
Record-setting ransomware attacks, a shortage of skilled personnel, and low security awareness across the workforce cause headaches for IT security teams.π Read
via "Dark Reading".
Dark Reading
Nearly Two-Thirds of Ransomware Victims Paid Ransoms Last Year, Finds "2022 Cyberthreat Defense Report"
Record-setting ransomware attacks, a shortage of skilled personnel, and low security awareness across the workforce cause headaches for IT security teams.
βΌ CVE-2020-22253 βΌ
π Read
via "National Vulnerability Database".
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27374 βΌ
π Read
via "National Vulnerability Database".
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27819 βΌ
π Read
via "National Vulnerability Database".
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).π Read
via "National Vulnerability Database".
βΌ CVE-2020-27376 βΌ
π Read
via "National Vulnerability Database".
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27373 βΌ
π Read
via "National Vulnerability Database".
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27375 βΌ
π Read
via "National Vulnerability Database".
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27818 βΌ
π Read
via "National Vulnerability Database".
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.π Read
via "National Vulnerability Database".
β Serious Security: Darkweb drugs market Hydra taken offline by German police β
π Read
via "Naked Security".
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...π Read
via "Naked Security".
Naked Security
Serious Security: Darkweb drugs market Hydra taken offline by German police
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain Englishβ¦
β€1π1
β S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now! Cybersecurity news and advice in plain English.π Read
via "Naked Security".
Naked Security
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]
Latest episode β listen now! Cybersecurity news and advice in plain English.