CVE-2022-29040
via "National Vulnerability Database".
Jenkins Git Parameter Plugin 0.9.15 and earlier does not escape the name and description of Git parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-29042
via "National Vulnerability Database".
Jenkins Job Generator Plugin 1.22 and earlier does not escape the name and description of Generator Parameter and Generator Choice parameters on Job Generator jobs' Build With Parameters views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-29037
via "National Vulnerability Database".
Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-29048
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Plugin 2.15.3 and earlier allows attackers to connect to an attacker-specified URL.
CVE-2022-0436
via "National Vulnerability Database".
Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2.
Russian Group Sandworm Foiled in Attempt to Disrupt Ukraine Power Grid
via "Dark Reading".
The attack involved use of a new version of Industroyer tool for manipulating industrial control systems.
Microsoft Patches Windows Flaw Under Attack and Reported by NSA
via "Dark Reading".
"Go patch your systems before" the exploit spreads more widely, ZDI warns.
Microsoft Plans Windows Auto-Update Service for Enterprises
via "Dark Reading".
Starting in July, the Windows Autopatch service will automatically patch all software bugs, including security updates, for Windows 10/11 Enterprise E3 customers, Microsoft says.
Four Changing International Data Protection Laws to Keep an Eye On
via "Digital Guardian".
Organizations need to keep in mind changes to international data protection law and how they affect compliance demands.
Criminal IP Cybersecurity Search Engine Launches First Beta Test
via "Dark Reading".
Criminal IP visualizes all IT assets connected to the Internet based on IP addresses held by companies and individuals.
United States Leads Seizure of One of the World's Largest Hacker Forums and Arrests Administrator
via "Dark Reading".
Court records unsealed Tuesday indicate that the United States recently obtained judicial authorization to seize three domains that long hosted the RaidForums website.
Datto to be Acquired by Kaseya for $6.2 Billion
via "Dark Reading".
Funding led by Insight Partners.
Intertrust Adds Security for IoT Devices in Zero-Trust Architectures to Intertrust Platform
via "Dark Reading".
New features provide for end-to-end security and interoperability between data operations and multivendor IoT devices.
CVE-2022-1339
via "National Vulnerability Database".
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data.
African banking sector targeted by malware-based phishing campaign
via "The Daily Swig".
Attackers use HTML smuggling techniques to hide malicious files in fake job opportunities.
CVE-2020-29653
via "National Vulnerability Database".
Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
CVE-2022-27475
via "National Vulnerability Database".
Cross site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded.
CVE-2022-24308
via "National Vulnerability Database".
Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process.
CVE-2021-43742
via "National Vulnerability Database".
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.
Identifying a Vulnerability in the SAP Software Supply Chain
via "Dark Reading".
Make sure you're using the patch to block this supply chain attack.
Hospital robot system gets five critical security holes patched
via "Naked Security".
Fortunately, we're not talking about a robot revolution, or about hospital AI run amuck. But these bugs could lead to ransomware, or worse...