Mandos Encrypted File System Unattended Reboot Utility 1.8.15
via "Packet Storm Security".
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
GNU Privacy Guard 2.3.6
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Cyber Conflict Overshadowed a Major Government Ransomware Alert
via "Dark Reading".
The FBI warns that ransomware targets are no longer predictably the biggest, richest organizations, and that attackers have leveled up to victimize organizations of all sizes.
Bug bounty platform Intigriti offers new hourly payment option for vulnerability researchers
via "The Daily Swig".
Pentesting-meets-bug bounty model announced today
CVE-2022-27469
via "National Vulnerability Database".
Monstaftp v2.10.3 was discovered to allow attackers to execute Server-Side Request Forgery (SSRF).
CVE-2022-27985
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
CVE-2022-27984
via "National Vulnerability Database".
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
CVE-2022-27299
via "National Vulnerability Database".
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the component room.php.
CVE-2022-27468
via "National Vulnerability Database".
Monstaftp v2.10.3 was discovered to contain an arbitrary file upload which allows attackers to execute arbitrary code via a crafted file uploaded to the web server.
API Attacks Soar Amid the Growing Application Surface Area
via "Dark Reading".
With Web application programming interface (API) traffic growing quickly, the average cloud-focused company sees three times more attacks.
Disavowed: Chrome plans to deprecate “document.domain”, lays the groundwork for shift in browser security
via "The Daily Swig".
Making document.domain immutable
CISA Taps Veteran CISO Bob Lord for Technical Adviser Role
via "Dark Reading".
Lord previously spearheaded security for the Democratic National Committee and held leadership roles at companies including Yahoo, Rapid7, and Twitter.
CVE-2022-24882
via "National Vulnerability Database".
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
CVE-2022-1173
via "National Vulnerability Database".
Stored XSS in GitHub repository getgrav/grav prior to 1.7.33.
CVE-2022-23942
via "National Vulnerability Database".
Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure.
CVE-2022-24881
via "National Vulnerability Database".
Ballcat Codegen provides the function of online editing code to generate templates. In versions prior to 1.0.0.beta.2, attackers can implement remote code execution through malicious code injection of the template engine. This happens because Velocity and FreeMarker templates are introduced but input verification is not done. The fault is rectified in version 1.0.0.beta.2.
CVE-2022-24883
via "National Vulnerability Database".
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.
The Ins and Outs of Secure Infrastructure as Code
via "Dark Reading".
The move to IaC has its challenges but done right can fundamentally improve an organization's overall security posture.
Post-Lapsus$, HHS Warns Healthcare Industry of Insider Threat Risks
via "Digital Guardian".
Following last month's Lapsus$ hacks, federal authorities are reminding healthcare organizations about the danger of insider threats.
CVE-2021-26628
via "National Vulnerability Database".
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files.
CVE-2021-36895
via "National Vulnerability Database".
Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto's Tripetto plugin <= 5.1.4 on WordPress via SVG image upload.