ποΈ Utah Consumer Privacy Act: New legislation adds another wrinkle to the US legal landscape ποΈ
π Read
via "The Daily Swig".
Soon to be enacted law provides further governance for citizensβ dataπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Utah Consumer Privacy Act: New legislation adds another wrinkle to the US legal landscape
Soon to be enacted law provides further governance for citizensβ data
π΄ How to Interpret the EU's Guidance on DNS Abuse Worldwide π΄
π Read
via "Dark Reading".
From higher standards in top-level domains to increased adoption of security controls, stepped-up measures can help fight DNS abuse and protect Web domains.π Read
via "Dark Reading".
Dark Reading
How to Interpret the EU's Guidance on DNS Abuse Worldwide
From higher standards in top-level domains to increased adoption of security controls, stepped-up measures can help fight DNS abuse and protect Web domains.
βΌ CVE-2022-27927 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0645 βΌ
π Read
via "National Vulnerability Database".
Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository posthog/posthog prior to 1.34.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26595 βΌ
π Read
via "National Vulnerability Database".
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41570 βΌ
π Read
via "National Vulnerability Database".
Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26593 βΌ
π Read
via "National Vulnerability Database".
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43129 βΌ
π Read
via "National Vulnerability Database".
An Access Control vulnerability exists in Desire2Learn/D2L Learning Management System (LMS) 20.21.7 via the quizzing feature, which allows a remote malicious user to disable the Disable right click control.π Read
via "National Vulnerability Database".
π XDNR Shellcode Cryptor / Encoder π
π Read
via "Packet Storm Security".
X0R Cryptor with DEC/N0T/R0R encoder plus random byte insertion.π Read
via "Packet Storm Security".
Packetstormsecurity
XDNR Shellcode Cryptor / Encoder β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Beanstalk cryptocurrency heist: scammer votes himself all the money β
π Read
via "Naked Security".
Voting safeguards based on commuity collateral don't work if one person can use a momentary loan to "become" 75% of the community.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Protect Your Executivesβ Cybersecurity Amidst Global Cyberwar β
π Read
via "Threat Post".
In this time of unprecedented cyberwar, organizations must protect the personal digital lives of their executives in order to reduce the companyβs risk of direct or collateral damage.π Read
via "Threat Post".
Threat Post
Protect Your Executivesβ Cybersecurity Amidst Global Cyberwar
The importance of protecting executives' personal digital lives during cyberwar. Read more to learn about five safeguards to protect executives and the company.
β βCatalanGateβ Spyware Infections Tied to NSO Group β
π Read
via "Threat Post".
Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia.π Read
via "Threat Post".
Threat Post
βCatalanGateβ Spyware Infections Tied to NSO Group
Citizen Lab uncovers multi-year campaign targeting autonomous region of Spain, called Catalonia.
βΌ CVE-2022-29315 βΌ
π Read
via "National Vulnerability Database".
Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used.π Read
via "National Vulnerability Database".
β Rethinking Cyber-Defense Strategies in the Public-Cloud Age β
π Read
via "Threat Post".
Exploring what's next for public-cloud security, including top risks and how to implement better risk management.π Read
via "Threat Post".
Threat Post
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
Exploring what's next for public-cloud security, including top risks and how to implement better risk management.
βΌ CVE-2021-39072 βΌ
π Read
via "National Vulnerability Database".
IBM Security Guardium 11.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 215581.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44519 βΌ
π Read
via "National Vulnerability Database".
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29153 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27055 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors).π Read
via "National Vulnerability Database".
βΌ CVE-2022-27104 βΌ
π Read
via "National Vulnerability Database".
An Unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39076 βΌ
π Read
via "National Vulnerability Database".
IBM Security Guardium 10.5 and 11.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 215585.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39078 βΌ
π Read
via "National Vulnerability Database".
IBM Security Guardium 10.5 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 215589.π Read
via "National Vulnerability Database".