‼ CVE-2021-4225 ‼
The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated user, such as a subscriber, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-29419 ‼
SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 for WordPress, exploitable by users with a low-privilege role such as subscriber or higher.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-28290 ‼
Reflected Cross-Site Scripting vulnerability in WordPress Country Selector Plugin version 1.6.5. The XSS payload executes whenever the user accesses the country selector page with the payload included as part of the HTTP request.
📖 Read via "National Vulnerability Database".
🕴 Mastercard Launches Next-Generation Identity Technology with Microsoft 🕴
New 'trust' tool improves online experience and helps tackle digital fraud.
📖 Read via "Dark Reading".
🕴 When Security Meets Development: The DevSecOps Conundrum 🕴
The DevSecOps journey is well worth undertaking because it can improve communication, speed up development, and ensure quality products.
📖 Read via "Dark Reading".
‼ CVE-2021-35250 ‼
A researcher reported a directory traversal vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-23457 ‼
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the tested input string as a child of the specified parent directory. This could potentially allow control-flow bypass checks to be defeated if an attacker can specify the entire string representing the 'input' path. This vulnerability is patched in release 2.3.0.0 of ESAPI. As a workaround, it is possible to write one's own implementation of the Validator interface; however, the maintainers do not recommend this.
📖 Read via "National Vulnerability Database".
🕴 North Korean State Actors Deploying Novel Malware to Spy on Journalists 🕴
Spear-phishing campaign loaded with new "Goldbackdoor" malware targeted journalists with NK News, analysts found.
📖 Read via "Dark Reading".
🕴 Iranian Hacking Group Among Those Exploiting Recently Disclosed VMware RCE Flaw 🕴
Threat actor is using the flaw to deliver Core Impact backdoor on vulnerable systems, security vendor says.
📖 Read via "Dark Reading".
🕴 What the ECDSA Flaw in Java Means for Enterprises 🕴
This Tech Tip reminds developers and security teams to check what version of Java they are running. Whether they are vulnerable to the ECDSA flaw boils down to the version number.
📖 Read via "Dark Reading".
‼ CVE-2022-24880 ‼
flask-session-captcha is a package which allows users to extend Flask by adding an image-based captcha stored in a server-side session. In versions prior to 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can work around the issue by not explicitly checking that the value is False; checking the return value less explicitly (for falsiness) should still work.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-29499 ‼
The Service Appliance component in Mitel MiVoice Connect through 19.2 SP3 allows remote code execution because of incorrect data validation. The Service Appliances are SA 100, SA 400, and Virtual SA.
📖 Read via "National Vulnerability Database".
‼ CVE-2022-29806 ‼
ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
📖 Read via "National Vulnerability Database".
❌ Firms Push for CVE-Like Cloud Bug System ❌
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.
📖 Read via "Threat Post".
‼ CVE-2022-24706 ‼
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.
📖 Read via "National Vulnerability Database".
🕴 SecurityScorecard Launches Cyber Risk Quantification Portfolio 🕴
SecurityScorecard's Cyber Risk Quantification portfolio helps customers understand the financial impact of a cyber-attack.
📖 Read via "Dark Reading".
🕴 Introducing Apostro: A Risk Management Platform for Web3 Security 🕴
Apostro's system will monitor all transactions to identify malicious behavior that can cause damage to DeFi protocols.
📖 Read via "Dark Reading".
🛠 GNU Privacy Guard 2.2.35 🛠
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.
📖 Read via "Packet Storm Security".
🛠 Mandos Encrypted File System Unattended Reboot Utility 1.8.15 🛠
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
📖 Read via "Packet Storm Security".
🛠 GNU Privacy Guard 2.3.6 🛠
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
📖 Read via "Packet Storm Security".
🕴 Cyber Conflict Overshadowed a Major Government Ransomware Alert 🕴
The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes.
📖 Read via "Dark Reading".