βΌ CVE-2021-33436 βΌ
π Read
via "National Vulnerability Database".
NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffer from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29815 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possibleπ Read
via "National Vulnerability Database".
βΌ CVE-2022-29816 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possibleπ Read
via "National Vulnerability Database".
βΌ CVE-2022-29814 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possibleπ Read
via "National Vulnerability Database".
βΌ CVE-2022-29821 βΌ
π Read
via "National Vulnerability Database".
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possibleπ Read
via "National Vulnerability Database".
βΌ CVE-2022-29818 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-29819 βΌ
π Read
via "National Vulnerability Database".
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possibleπ Read
via "National Vulnerability Database".
βΌ CVE-2022-29820 βΌ
π Read
via "National Vulnerability Database".
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possibleπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1509 βΌ
π Read
via "National Vulnerability Database".
Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.π Read
via "National Vulnerability Database".
π΄ A Peek into Visa's AI Tools Against Fraud π΄
π Read
via "Dark Reading".
Visa has invested heavily in data analytics and artificial intelligence over the past five years to secure the movement of money and keep fraud rates low.π Read
via "Dark Reading".
Dark Reading
A Peek into Visa's AI Tools Against Fraud
Visa has invested heavily in data analytics and artificial intelligence over the past five years to secure the movement of money and keep fraud rates low.
β Ransomware Survey 2022 β like the Curateβs Egg, βgood in partsβ β
π Read
via "Naked Security".
You might not like the headline statistics in this year's ransomware report... but that makes it even more important to take a look!π Read
via "Naked Security".
Naked Security
Ransomware Survey 2022 β like the Curateβs Egg, βgood in partsβ
You might not like the headline statistics in this yearβs ransomware reportβ¦ but that makes it even more important to take a look!
β Cyberattacks Rage in Ukraine, Support Military Operations β
π Read
via "Threat Post".
At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.π Read
via "Threat Post".
Threat Post
Cyberattacks Rage in Ukraine, Support Military Operations
At least five APTs are believed involved with attacks tied ground campaigns and designed to damage Ukraine's digital infrastructure.
β Attacker Breach βDozensβ of GitHub Repos Using Stolen OAuth Tokens β
π Read
via "Threat Post".
GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.π Read
via "Threat Post".
Threat Post
Attacker Breach βDozensβ of GitHub Repos Using Stolen OAuth Tokens
GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.
β S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep80: Ransomware news, phishing woes, NAS bugs, and a giant hole in Java [Podcast]
Latest episode β listen now!
ποΈ Socket: New tool takes a proactive approach to prevent OSS supply chain attacks ποΈ
π Read
via "The Daily Swig".
Signal detector aims to help developers to stay ahead of threatsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Socket: New tool takes a proactive approach to prevent OSS supply chain attacks
Signal detector aims to help developers to stay ahead of threats
βΌ CVE-2022-29152 βΌ
π Read
via "National Vulnerability Database".
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41921 βΌ
π Read
via "National Vulnerability Database".
novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24935 βΌ
π Read
via "National Vulnerability Database".
Lexmark products through 2022-02-10 have Incorrect Access Control.π Read
via "National Vulnerability Database".
π΄ Explainable AI for Fraud Prevention π΄
π Read
via "Dark Reading".
As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.π Read
via "Dark Reading".
Dark Reading
Explainable AI for Fraud Prevention
As the use of AI- and ML-driven decision-making draws transparency concerns, the need increases for explainability, especially when machine learning models appear in high-risk environments.
βΌ CVE-2021-43930 βΌ
π Read
via "National Vulnerability Database".
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28101 βΌ
π Read
via "National Vulnerability Database".
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.π Read
via "National Vulnerability Database".