βΌ CVE-2022-23900 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the API of the Wavlink WL-WN531P3 router, version M31G3.V5030.201204, allows an attacker to achieve unauthorized remote code execution via a malicious POST request through /cgi-bin/adm.cgi.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46417 βΌ
π Read
via "National Vulnerability Database".
Insecure handling of a download function leads to disclosure of internal files due to path traversal with root privileges in Franklin Fueling Systems Colibri Controller Module 1.8.19.8580.π Read
via "National Vulnerability Database".
π1
β MacOS Malware: Myth vs. Truth β Podcast β
π Read
via "Threat Post".
Huntress Labs R&D Director Jamie Levy busts the old βMacs donβt get virusesβ myth and offers tips on how MacOS malware differs and how to protect against it.π Read
via "Threat Post".
ποΈ Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps β research ποΈ
π Read
via "The Daily Swig".
Queue poisoning attacks allegedly put accounts at risk of takeoverπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps β research
Queue poisoning attacks allegedly put accounts at risk of takeover
π΄ The Blurring Line, and Growing Risk, Between Physical and Digital Supply Chains π΄
π Read
via "Dark Reading".
Risk increases as the lines between physical and digital supply chains blur and the computing footprint expands.π Read
via "Dark Reading".
Dark Reading
The Blurring Line, and Growing Risk, Between Physical and Digital Supply Chains
Risk increases as the lines between physical and digital supply chains blur and the computing footprint expands.
π΄ Nearly Two-Thirds of Organizations Hit with Ransomware Paid Up in 2021 π΄
π Read
via "Dark Reading".
CyberEdge report contains data on the skills shortage, the hottest security tech in 2022, the weakest links of the year, specialty certifications in demand, and more.π Read
via "Dark Reading".
Dark Reading
Nearly Two-Thirds of Organizations Hit with Ransomware Paid Up in 2021
CyberEdge report contains data on the skills shortage, the hottest security tech in 2022, the weakest links of the year, specialty certifications in demand, and more.
π΄ Blumira Unveils Cloud SIEM With Integrated Detection and Response for SMBs π΄
π Read
via "Dark Reading".
Self-service cloud SIEM comes in free and paid editions.π Read
via "Dark Reading".
Dark Reading
Blumira Unveils Cloud SIEM With Integrated Detection and Response for SMBs
Self-service cloud SIEM comes in free and paid editions.
β SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts β
π Read
via "Threat Post".
Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds.π Read
via "Threat Post".
Threat Post
SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds.
π1
ποΈ Wake-up call: Is the infosec skills gap causing a mental health crisis? ποΈ
π Read
via "The Daily Swig".
Increasing workloads are causing depression and anxiety among frontline security staff, report claimsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Wake-up call: Is the infosec skills gap causing a mental health crisis?
Increasing workloads are causing depression and anxiety among frontline security staff, report claims
π1
βΌ CVE-2021-46418 βΌ
π Read
via "National Vulnerability Database".
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2021-46419 βΌ
π Read
via "National Vulnerability Database".
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts.π Read
via "National Vulnerability Database".
π1
π΄ Keysight Delivers Zero Trust Test Solution π΄
π Read
via "Dark Reading".
Enables network equipment manufacturers to validate devices in distributed cloud networks.π Read
via "Dark Reading".
Dark Reading
Keysight Delivers Zero Trust Test Solution
Enables network equipment manufacturers to validate devices in distributed cloud networks.
π2
ποΈ VMware patches critical flaws in Workspace ONE Access identity management software ποΈ
π Read
via "The Daily Swig".
Virtual realityπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
VMware patches critical flaws in Workspace ONE Access identity management software
Virtual reality
π΄ Nord Security Raises First Outside Capital at $1.6B Valuation π΄
π Read
via "Dark Reading".
Financing raised from Novator Ventures, Burda Principal Investments, General Catalyst, and leading angel investors.π Read
via "Dark Reading".
Dark Reading
Nord Security Raises First Outside Capital at $1.6B Valuation
Financing raised from Novator Ventures, Burda Principal Investments, General Catalyst, and leading angel investors.
βΌ CVE-2022-27016 βΌ
π Read
via "National Vulnerability Database".
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25339 βΌ
π Read
via "National Vulnerability Database".
ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25338 βΌ
π Read
via "National Vulnerability Database".
ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26627 βΌ
π Read
via "National Vulnerability Database".
Online Project Time Management System v1.0 was discovered to contain an arbitrary file write vulnerability which allows attackers to execute arbitrary code via a crafted HTML file.π Read
via "National Vulnerability Database".
π΄ Top Application Security Mitigations in Q1 of 2022 π΄
π Read
via "Dark Reading".
What is the best way to mitigate application security attacks? Learn how companies have mitigated the top threats.π Read
via "Dark Reading".
Dark Reading
Top Application Security Mitigations in Q1 of 2022
What is the best way to mitigate application security attacks? Learn how companies have mitigated the top threats.
βΌ CVE-2022-23972 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AX56UΓ’β¬β’s SQL handling function has an SQL injection vulnerability due to insufficient user input validation. An unauthenticated LAN attacker to inject arbitrary SQL code to read, modify and delete database.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22515 βΌ
π Read
via "National Vulnerability Database".
A remote, unauthenticated attacker could utilize the control programmer of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products.π Read
via "National Vulnerability Database".