βΌ CVE-2022-28367 βΌ
π Read
via "National Vulnerability Database".
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1429 βΌ
π Read
via "National Vulnerability Database".
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of steal the dataπ Read
via "National Vulnerability Database".
βΌ CVE-2022-26672 βΌ
π Read
via "National Vulnerability Database".
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26673 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26674 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to arbitrary memory address and perform remote arbitrary code execution, arbitrary system operation or disrupt service.π Read
via "National Vulnerability Database".
β Skeletons in the Closet: Security 101 Takes a Backseat to 0-days β
π Read
via "Threat Post".
Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches.π Read
via "Threat Post".
Threat Post
Skeletons in the Closet: Security 101 Takes a Backseat to 0-days
Nate Warfield, CTO at Prevailion, discusses the dangers of focusing on zero-day security vulnerabilities, and how security teams are being distracted from the day-to-day work that prevents most breaches.
π1
β Zero-Trust For All: A Practical Guide β
π Read
via "Threat Post".
How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures.π Read
via "Threat Post".
Threat Post
Zero-Trust For All: A Practical Guide
How to use zero-trust architecture effectively in today's modern cloud-dependent infrastructures.
β S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast] β
π Read
via "Naked Security".
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep79: Chrome hole, a bad place for a cybersecurity holiday, and crypto-dodginess [Podcast]
Do you know your Adam Osborne from your John Osbourne? Your Z80 from your 6502? Latest episode β listen now!
π1
βοΈ Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code βοΈ
π Read
via "Krebs on Security".
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of company projects. T-Mobile says no customer or government information was stolen in the intrusion. LAPSUS$ is known for stealing data and then demanding a ransom not to publish or sell it. But the leaked chats indicate this mercenary activity was of little interest to the tyrannical teenage leader of LAPSUS$, whose obsession with stealing and leaking proprietary computer source code from the worldβs largest tech companies ultimately led to the groupβs undoing.π Read
via "Krebs on Security".
Krebs on Security
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple timesβ¦
ποΈ Vulnerability in AWS Log4Shell hot patch allowed full host takeover ποΈ
π Read
via "The Daily Swig".
Critical security issues found in quick fixπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Hot patch for Log4Shell vulnerability in AWS allowed full host takeover
Critical security issues found in quick fix
π΄ Creating Cyberattack Resilience in Modern Education Environments π΄
π Read
via "Dark Reading".
From increasing cybersecurity awareness in staff, students, and parents to practicing good security hygiene for devices, using endpoint protection, and inspecting network traffic, schools can boost cybersecurity to keep students safe.π Read
via "Dark Reading".
Dark Reading
Creating Cyberattack Resilience in Modern Education Environments
From increasing cybersecurity awareness in staff, students, and parents to practicing good security hygiene for devices, using endpoint protection, and inspecting network traffic, schools can boost cybersecurity to keep students safe.
π Zeek 4.2.1 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 4.2.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1
ποΈ Pwn2Own Miami: Hackers earn $400,000 by cracking ICS platforms ποΈ
π Read
via "The Daily Swig".
Industrial control insecurity laid bare during competitionπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
β QNAP warns of new bugs in its Network Attached Storage devices β
π Read
via "Naked Security".
Here's what you need to know - plus some sensible advice for all the devices on your home or small biz network!π Read
via "Naked Security".
Naked Security
QNAP warns of new bugs in its Network Attached Storage devices
Hereβs what you need to know β plus some sensible advice for all the devices on your home or small biz network!
π΄ Comcast Business 2021 DDoS Threat Report: DDoS Becomes a Bigger Priority as Multivector Attacks are on the Rise π΄
π Read
via "Dark Reading".
Comcast Business mitigated 24,845 multi-vector DDoS attacks in 2021, a 47 percent increase over 2020.π Read
via "Dark Reading".
Dark Reading
Comcast Business 2021 DDoS Threat Report: DDoS Becomes a Bigger Priority as Multivector Attacks are on the Rise
Comcast Business mitigated 24,845 multi-vector DDoS attacks in 2021, a 47 percent increase over 2020.
π΄ Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies π΄
π Read
via "Dark Reading".
New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.π Read
via "Dark Reading".
Dark Reading
Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies
New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.
π΄ Contrast Security Introduces Cloud-Native Automation π΄
π Read
via "Dark Reading".
New integrations enable Contrast capabilities to be delivered to Red Hat OpenShift users.π Read
via "Dark Reading".
Dark Reading
Contrast Security Introduces Cloud-Native Automation
New integrations enable Contrast capabilities to be delivered to Red Hat OpenShift users.
π΄ CyberUSA, and Superus Careers Launch Cyber Career Exchange Platform π΄
π Read
via "Dark Reading".
Collaboration aimed at connecting talent and employers.π Read
via "Dark Reading".
Dark Reading
CyberUSA, and Superus Careers Launch Cyber Career Exchange Platform
Collaboration aimed at connecting talent and employers.
π΄ Fortress Information Security Receives $125M Strategic Investment from Goldman Sachs Asset Management π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Fortress Information Security Receives $125M Strategic Investment from Goldman Sachs Asset Management
π΄ Forescout Enhances Continuum Platform With New OT Capabilities π΄
π Read
via "Dark Reading".
New capabilities enable improved OT and IoT asset visibility along with data-powered threat detection and cost-effective deployments at scale.π Read
via "Dark Reading".
Dark Reading
Forescout Enhances Continuum Platform With New OT Capabilities
New capabilities enable improved OT and IoT asset visibility along with data-powered threat detection and cost-effective deployments at scale.
π΄ PerimeterX Code Defender Extends Capability To Stop Supply Chain Attacks π΄
π Read
via "Dark Reading".
Client-side web app security solution introduces features that give real-time visibility and control of the website attack surface, enabling businesses to stop PII theft and comply with data privacy regulations.π Read
via "Dark Reading".
Dark Reading
PerimeterX Code Defender Extends Capability To Stop Supply Chain Attacks
Client-side web app security solution introduces features that give real-time visibility and control of the website attack surface, enabling businesses to stop PII theft and comply with data privacy regulations.