Phishing goes KISS: Don't let plain and simple messages catch you out!
Read via "Naked Security".
Sometimes we receive phishing tricks that we grudgingly have to admit are better than average, just because they're uncomplicated.
Millions of Java Apps Remain Vulnerable to Log4Shell
Read via "Threat Post".
Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.
CVE-2022-1504
Read via "National Vulnerability Database".
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
CVE-2021-46441
Read via "National Vulnerability Database".
In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization.
CVE-2021-46442
Read via "National Vulnerability Database".
In the "webupg" binary of D-Link DIR-825 G1, attackers can bypass authentication through parameters "autoupgrade.asp", and perform functions such as downloading configuration files and updating firmware without authorization.
CVE-2021-46421
Read via "National Vulnerability Database".
Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
CVE-2021-46420
Read via "National Vulnerability Database".
Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information.
CVE-2021-46423
Read via "National Vulnerability Database".
Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file.
CVE-2021-46422
Read via "National Vulnerability Database".
Telesquare SDT-CW3B1 1.1.0 is affected by an OS command injection vulnerability that allows a remote attacker to execute OS commands without any authentication.
CVE-2021-46424
Read via "National Vulnerability Database".
Telesquare TLR-2005KSH 1.0.0 is affected by an arbitrary file deletion vulnerability that allows a remote attacker to delete any file, even system internal files, via a DELETE request.
How Industry Leaders Should Approach Open Source Security
Read via "Dark Reading".
Here's how to reduce security risk and gain the benefits of open source software.
Fighting Fake EDRs With "Credit Ratings" for Police
Read via "Krebs on Security".
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts called it a fundamentally unfixable problem. But don't tell that to Matt Donahue, a former FBI agent who recently quit the agency to launch a startup that aims to help tech companies do a better job screening out phony law enforcement data requests -- in part by assigning trustworthiness or "credit ratings" to law enforcement authorities worldwide.
Ransomware Survey 2022: like the Curate's Egg, "good in parts"
Read via "Naked Security".
You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!
VirusTotal debunks claims of a serious vulnerability in Google-owned antivirus service
Read via "The Daily Swig".
Third party file and theft
Claims that researchers were able to execute commands within the antivirus platform have been questioned
CVE-2022-29505
Read via "National Vulnerability Database".
Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation.
CVE-2022-27905
Read via "National Vulnerability Database".
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
CVE-2022-24888
Read via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds.
CVE-2022-24886
Read via "National Vulnerability Database".
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.
CVE-2022-24885
Read via "National Vulnerability Database".
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.
CVE-2022-28464
Read via "National Vulnerability Database".
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution.
CVE-2022-24889
Read via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8, 22.2.4, and 23.0.1.