βΌ CVE-2020-22253 βΌ
π Read
via "National Vulnerability Database".
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27374 βΌ
π Read
via "National Vulnerability Database".
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27819 βΌ
π Read
via "National Vulnerability Database".
SWHKD 1.1.5 allows unsafe parsing via the -c option. An information leak might occur but there is a simple denial of service (memory exhaustion) upon an attempt to parse a large or infinite file (such as a block or character device).π Read
via "National Vulnerability Database".
βΌ CVE-2020-27376 βΌ
π Read
via "National Vulnerability Database".
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27373 βΌ
π Read
via "National Vulnerability Database".
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.π Read
via "National Vulnerability Database".
βΌ CVE-2020-27375 βΌ
π Read
via "National Vulnerability Database".
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27818 βΌ
π Read
via "National Vulnerability Database".
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.π Read
via "National Vulnerability Database".
β Serious Security: Darkweb drugs market Hydra taken offline by German police β
π Read
via "Naked Security".
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...π Read
via "Naked Security".
Naked Security
Serious Security: Darkweb drugs market Hydra taken offline by German police
Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain Englishβ¦
β€1π1
β S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now! Cybersecurity news and advice in plain English.π Read
via "Naked Security".
Naked Security
S3 Ep77: Bugs, busts and old-school PDP-11 hacking [Podcast]
Latest episode β listen now! Cybersecurity news and advice in plain English.
βΌ CVE-2021-46416 βΌ
π Read
via "National Vulnerability Database".
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23900 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46417 βΌ
π Read
via "National Vulnerability Database".
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.π Read
via "National Vulnerability Database".
π1
β MacOS Malware: Myth vs. Truth β Podcast β
π Read
via "Threat Post".
Huntress Labs R&D Director Jamie Levy busts the old βMacs donβt get virusesβ myth and offers tips on how MacOS malware differs and how to protect against it.π Read
via "Threat Post".
ποΈ Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps β research ποΈ
π Read
via "The Daily Swig".
Queue poisoning attacks allegedly put accounts at risk of takeoverπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps β research
Queue poisoning attacks allegedly put accounts at risk of takeover
π΄ The Blurring Line, and Growing Risk, Between Physical and Digital Supply Chains π΄
π Read
via "Dark Reading".
Risk increases as the lines between physical and digital supply chains blur and the computing footprint expands.π Read
via "Dark Reading".
Dark Reading
The Blurring Line, and Growing Risk, Between Physical and Digital Supply Chains
Risk increases as the lines between physical and digital supply chains blur and the computing footprint expands.
π΄ Nearly Two-Thirds of Organizations Hit with Ransomware Paid Up in 2021 π΄
π Read
via "Dark Reading".
CyberEdge report contains data on the skills shortage, the hottest security tech in 2022, the weakest links of the year, specialty certifications in demand, and more.π Read
via "Dark Reading".
Dark Reading
Nearly Two-Thirds of Organizations Hit with Ransomware Paid Up in 2021
CyberEdge report contains data on the skills shortage, the hottest security tech in 2022, the weakest links of the year, specialty certifications in demand, and more.
π΄ Blumira Unveils Cloud SIEM With Integrated Detection and Response for SMBs π΄
π Read
via "Dark Reading".
Self-service cloud SIEM comes in free and paid editions.π Read
via "Dark Reading".
Dark Reading
Blumira Unveils Cloud SIEM With Integrated Detection and Response for SMBs
Self-service cloud SIEM comes in free and paid editions.
β SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts β
π Read
via "Threat Post".
Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds.π Read
via "Threat Post".
Threat Post
SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds.
π1
ποΈ Wake-up call: Is the infosec skills gap causing a mental health crisis? ποΈ
π Read
via "The Daily Swig".
Increasing workloads are causing depression and anxiety among frontline security staff, report claimsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Wake-up call: Is the infosec skills gap causing a mental health crisis?
Increasing workloads are causing depression and anxiety among frontline security staff, report claims
π1
βΌ CVE-2021-46418 βΌ
π Read
via "National Vulnerability Database".
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-46419 βΌ
π Read
via "National Vulnerability Database".
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.π Read
via "National Vulnerability Database".
π1