β Firms Push for CVE-Like Cloud Bug System β
π Read
via "Threat Post".
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.π Read
via "Threat Post".
Threat Post
Firms Push for CVE-Like Cloud Bug System
Researchers propose fresh approaches to cloud-security bugs and mitigating exposure, impact and risk.
βΌ CVE-2022-24706 βΌ
π Read
via "National Vulnerability Database".
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front of all CouchDB installations.π Read
via "National Vulnerability Database".
π΄ SecurityScorecard Launches Cyber Risk Quantification Portfolio π΄
π Read
via "Dark Reading".
SecurityScorecard's Cyber Risk Quantification portfolio helps customers understand the financial impact of a cyber-attack.π Read
via "Dark Reading".
Dark Reading
SecurityScorecard Launches Cyber Risk Quantification Portfolio
SecurityScorecard's Cyber Risk Quantification portfolio helps customers understand the financial impact of a cyber-attack.
π1
π΄ Introducing Apostro: A Risk Management Platform for Web3 Security π΄
π Read
via "Dark Reading".
Apostro's system will monitor all transactions to identify malicious behavior that can cause damage to DeFi protocols.π Read
via "Dark Reading".
Dark Reading
Introducing Apostro: A Risk Management Platform for Web3 Security
Apostro's system will monitor all transactions to identify malicious behavior that can cause damage to DeFi protocols.
π GNU Privacy Guard 2.2.35 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions. This is the LTS release.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.2.35 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Mandos Encrypted File System Unattended Reboot Utility 1.8.15 π
π Read
via "Packet Storm Security".
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.π Read
via "Packet Storm Security".
Packetstormsecurity
Mandos Encrypted File System Unattended Reboot Utility 1.8.15 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π GNU Privacy Guard 2.3.6 π
π Read
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.π Read
via "Packet Storm Security".
Packetstormsecurity
GNU Privacy Guard 2.3.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π1
π΄ Cyber Conflict Overshadowed a Major Government Ransomware Alert π΄
π Read
via "Dark Reading".
The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes.π Read
via "Dark Reading".
Dark Reading
Cyber Conflict Overshadowed a Major Government Ransomware Alert
The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes.
ποΈ Bug bounty platform Intigriti offers new hourly payment option for vulnerability researchers ποΈ
π Read
via "The Daily Swig".
Pentesting-meets-bug bounty model announced todayπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug bounty platform Intigriti offers new hourly payment option for vulnerability researchers
Pen testing-meets-bug bounty model announced today
βΌ CVE-2022-27469 βΌ
π Read
via "National Vulnerability Database".
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).π Read
via "National Vulnerability Database".
βΌ CVE-2022-27985 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27984 βΌ
π Read
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27299 βΌ
π Read
via "National Vulnerability Database".
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27468 βΌ
π Read
via "National Vulnerability Database".
Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server.π Read
via "National Vulnerability Database".
π΄ API Attacks Soar Amid the Growing Application Surface Area π΄
π Read
via "Dark Reading".
With Web application programming interface (API) traffic growing quickly, the average cloud-focused company sees three times more attacks.π Read
via "Dark Reading".
Dark Reading
API Attacks Soar Amid the Growing Application Surface Area
With Web application programming interface (API) traffic growing quickly, the average cloud-focused company sees three times more attacks.
ποΈ Disavowed: Chrome plans to deprecate βdocument.domainβ lays the groundwork for shift in browser security ποΈ
π Read
via "The Daily Swig".
Making document.domain immutableπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Disavowed: Chrome plans to deprecate βdocument.domainβ lays the groundwork for shift in browser security
Making document.domain immutable
π΄ CISA Taps Veteran CISO Bob Lord for Technical Adviser Role π΄
π Read
via "Dark Reading".
Lord previously spearheaded security for the Democratic National Committee and held leadership roles at companies including Yahoo, Rapid7, and Twitter.π Read
via "Dark Reading".
Dark Reading
CISA Taps Veteran CISO Bob Lord for Technical Adviser Role
Lord previously spearheaded security for the Democratic National Committee and held leadership roles at companies including Yahoo, Rapid7, and Twitter.
βΌ CVE-2022-24882 βΌ
π Read
via "National Vulnerability Database".
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1173 βΌ
π Read
via "National Vulnerability Database".
stored xss in GitHub repository getgrav/grav prior to 1.7.33.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23942 βΌ
π Read
via "National Vulnerability Database".
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24881 βΌ
π Read
via "National Vulnerability Database".
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and freemarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.π Read
via "National Vulnerability Database".