76% of Organizations Worldwide Expect to Suffer a Cyberattack This Year
via "Dark Reading".
Study shows that more than 35% have suffered seven or more successful attacks.
CVE-2022-29464
via "National Vulnerability Database".
Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key Manager 5.3.0 and above through 5.10.0; and WSO2 Enterprise Integrator 6.2.0 and above through 6.6.0.
CVE-2022-24841
via "National Vulnerability Database".
fleetdm/fleet is an open source device management platform built on osquery. All versions of Fleet making use of the teams feature are affected by this authorization bypass issue. Fleet instances without teams, or with teams but without restricted team accounts, are not affected. In affected versions a team admin can erroneously add themselves as admin, maintainer or observer on other teams. Users are advised to upgrade to version 4.13. There are no known workarounds for this issue.
CVE-2022-28108
via "National Vulnerability Database".
Selenium Server (Grid) before 4 allows CSRF because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain.
CVE-2022-1065
via "National Vulnerability Database".
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to bypass the second authentication factor. This issue affects: Abacus ERP v2022 versions prior to R1 of 2022-01-15; v2021 versions prior to R4 of 2022-01-15; v2020 versions prior to R6 of 2022-01-15; v2019 versions later than R5 (service pack); v2018 versions later than R5 (service pack). This issue does not affect: Abacus ERP v2019 versions prior to R5 of 2020-03-15; v2018 versions prior to R7 of 2020-04-15; v2017 and prior versions.
Verica Launches Prowler Pro to Make AWS Security Simpler for Customers
via "Dark Reading".
The enterprise-grade solution will provide enhanced cloud security and provide new open-source tools.
Utah Consumer Privacy Act: New legislation adds another wrinkle to the US legal landscape
via "The Daily Swig".
Soon-to-be-enacted law provides further governance for citizens' data.
How to Interpret the EU's Guidance on DNS Abuse Worldwide
via "Dark Reading".
From higher standards in top-level domains to increased adoption of security controls, stepped-up measures can help fight DNS abuse and protect Web domains.
CVE-2022-27927
via "National Vulnerability Database".
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.
CVE-2022-0645
via "National Vulnerability Database".
Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1.
CVE-2022-26595
via "National Vulnerability Database".
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13 and 7.3 fix pack 2 do not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.
CVE-2021-41570
via "National Vulnerability Database".
Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.
CVE-2022-26593
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3, allows remote attackers to inject arbitrary web script or HTML via the name of an asset category.
CVE-2021-43129
via "National Vulnerability Database".
An access control vulnerability exists in Desire2Learn/D2L Learning Management System (LMS) 20.21.7 via the quizzing feature, which allows a remote malicious user to disable the "Disable right click" control.
XDNR Shellcode Cryptor / Encoder
via "Packet Storm Security".
X0R Cryptor with DEC/N0T/R0R encoder plus random byte insertion.
Beanstalk cryptocurrency heist: scammer votes himself all the money
via "Naked Security".
Voting safeguards based on community collateral don't work if one person can use a momentary loan to "become" 75% of the community.
Protect Your Executives' Cybersecurity Amidst Global Cyberwar
via "Threat Post".
In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the company's risk of direct or collateral damage.
'CatalanGate' Spyware Infections Tied to NSO Group
via "Threat Post".
Citizen Lab uncovers multi-year campaign targeting the autonomous region of Spain called Catalonia.
CVE-2022-29315
via "National Vulnerability Database".
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used.
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
via "Threat Post".
Exploring what's next for public-cloud security, including top risks and how to implement better risk management.
CVE-2021-39072
via "National Vulnerability Database".
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 215581.