CVE-2022-28781
via "National Vulnerability Database".
Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.
CVE-2022-20105
via "National Vulnerability Database".
In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.
What Should I Know About Defending IoT Attack Surfaces?
via "Dark Reading".
The Internet of Things needs to be part of the overall corporate information security policy to prevent adversaries from using these devices as an entry point.
CVE-2022-1555
via "National Vulnerability Database".
DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. An attacker can inject arbitrary JavaScript, deface the website, steal cookies, ...
CVE-2022-1502
via "National Vulnerability Database".
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.
Unpatched DNS Bug Puts Millions of Routers, IoT Devices at Risk
via "Threat Post".
A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices.
TLStorm 2.0: Millions of Aruba and Avaya network switches affected by RCE flaws
via "The Daily Swig".
Patches issued for vulnerabilities arising from misuse of NanoSSL TLS library.
Aryaka, Carnegie Mellon's CyLab to Research New Threat Mitigation Techniques
via "Dark Reading".
The security research partnership will focus on developing new techniques and releasing them as open source.
CVE-2022-1571
via "National Vulnerability Database".
Cross-site scripting - Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability allows arbitrary JavaScript execution to steal the user's cookie, perform HTTP requests, read the content of `same origin` pages, etc.
CVE-2021-42192
via "National Vulnerability Database".
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.
State Bar of Georgia reels from cyber-attack
via "The Daily Swig".
Bar suspends website after mystery assault.
Attackers Use Event Logs to Hide Fileless Malware
via "Threat Post".
A sophisticated campaign utilizes a novel anti-detection method.
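The campaign above hides its payload inside event-log records rather than on disk. As an added example (not code from Threat Post or the campaign it reports on), the following Python scans constructed event records for two signs of a log being used as a storage slot instead of a log: a message body that decodes to high-entropy bytes, and one provider writing several records of identical large size, which is what a payload split into fixed-size chunks looks like. The record layout, the provider names, the 7.0 bits-per-byte threshold and the 256-byte size floor are assumptions of the example, not the campaign's actual values.

```python
"""Added example, not code from Threat Post or the campaign it reports on: a
detection pass over event-log records that looks for records used as storage
for a payload rather than as log lines. The records, provider names and field
layout below are constructed for the demo and are assumptions, not telemetry."""
import base64
import hashlib
import math
import re
from collections import Counter
from typing import Dict, List, Tuple

_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed, encrypted or shellcode-like data sits near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def decoded_blob(message: str) -> bytes:
    """Return the bytes behind a base64-looking message body, else b''."""
    compact = "".join(message.split())
    if len(compact) < 256 or not _B64_RE.match(compact):
        return b""
    try:
        return base64.b64decode(compact, validate=True)
    except ValueError:
        return b""


def scan_records(records: List[Dict]) -> List[Tuple[int, str]]:
    """Two heuristics (thresholds are assumptions): (1) a message that decodes
    to high-entropy bytes; (2) one provider writing three or more records of
    identical, large size, i.e. a payload split into fixed-size chunks."""
    findings: List[Tuple[int, str]] = []
    for i, rec in enumerate(records):
        blob = decoded_blob(rec.get("message", ""))
        if blob and shannon_entropy(blob) > 7.0:
            findings.append((i, "body decodes to high-entropy bytes"))
    sizes = Counter((r.get("provider"), len(r.get("message", ""))) for r in records)
    for i, rec in enumerate(records):
        key = (rec.get("provider"), len(rec.get("message", "")))
        if key[1] >= 256 and sizes[key] >= 3:
            findings.append((i, f"{sizes[key]} same-size records from one provider"))
    return findings


def constructed_records() -> List[Dict]:
    """Three ordinary records plus four 'chunk' records carrying deterministic
    pseudo-random bytes (a SHA-256 chain) standing in for a payload."""
    benign = [
        {"provider": "Service Control Manager", "event_id": 7036,
         "message": "The Print Spooler service entered the running state."},
        {"provider": "Microsoft-Windows-Security-Auditing", "event_id": 4624,
         "message": "An account was successfully logged on. Logon Type: 2"},
        {"provider": "ExampleSvc", "event_id": 1000,   # hypothetical provider
         "message": "Configuration reloaded from C:\\ProgramData\\ExampleSvc\\cfg.ini"},
    ]
    chunks = []
    for n in range(4):
        raw = b"".join(hashlib.sha256(bytes([n, i])).digest() for i in range(32))
        chunks.append({"provider": "ExampleSvc", "event_id": 1000,
                       "message": base64.b64encode(raw).decode()})
    return benign + chunks


if __name__ == "__main__":
    for idx, why in scan_records(constructed_records()):
        print(f"record {idx}: {why}")
```

On a real system the records would come from the event log API or an exported log; the heuristics are deliberately provider-agnostic because the point of the technique is that the payload can sit under any source name. Expect false positives from providers that legitimately log encoded blobs, so treat a hit as a pivot for review, not a verdict.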
Clam AntiVirus Toolkit 0.105.0
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via the Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
SAC Health System Impacted By Security Incident
via "Dark Reading".
Six boxes of paper documents were removed from the facility without authorization in early March.
AutoRABIT Secures $26M in Series B Investment from Full In Partners to Expand DevSecOps Platform
via "Dark Reading".
AutoRABIT intends to direct the funding toward growth initiatives and product development.
What Star Wars Teaches Us About Threats
via "Dark Reading".
The venerable film franchise shows us how to take threats in STRIDE.
Uptycs Announces New Cloud Identity and Entitlement Management (CIEM) Capabilities
via "Dark Reading".
Also adds support for Google Cloud Platform (GCP) and Microsoft Azure, and PCI compliance coverage.
CVE-2021-42185
via "National Vulnerability Database".
wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.
CVE-2022-28111
via "National Vulnerability Database".
MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-based blind SQL injection vulnerability via the orderBy parameter.
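An orderBy parameter is an identifier, not a value, so it cannot be bound with a placeholder, and a pagination helper that splices it into the SQL text is injectable even though no quote ever needs to be broken out of. As an added example (not MyBatis PageHelper's code, and not tied to its internals), the following Python with SQLite shows the vulnerable pattern, a boolean oracle in the ordering that leaks a secret one character per request, and the allowlist fix. The tables, rows and the `api_keys` secret are constructed for the demo; the ordering oracle stands in for the advisory's time-based one because SQLite has no sleep function, but the injection point and the fix are the same.

```python
"""Added example, not MyBatis PageHelper's code: why an ORDER BY clause assembled
from a request parameter is injectable, how a boolean oracle in the ordering
leaks data, and the allowlist fix. Tables, rows and the 'api_keys' secret are
constructed for the demo."""
import re
import sqlite3
from typing import List, Optional, Tuple

ALLOWED_COLUMNS = {"id", "name", "price"}
_ORDER_RE = re.compile(r"^(\w+)(?:\s+(asc|desc))?$", re.IGNORECASE)


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (1,'apple',1.5),(2,'pear',2.0),(3,'fig',3.5);
        CREATE TABLE api_keys (owner TEXT, secret TEXT);
        INSERT INTO api_keys VALUES ('admin','k-4f3e');
    """)
    return con


def list_products_vulnerable(con: sqlite3.Connection, order_by: str) -> List[Tuple]:
    """Pagination helper that splices the caller's orderBy into the SQL text.
    Identifiers cannot be bound as parameters, so this is the tempting shortcut."""
    return con.execute(f"SELECT id, name FROM products ORDER BY {order_by}").fetchall()


def validate_order_by(order_by: str) -> Optional[str]:
    """Return a normalised 'column DIR' clause, or None unless it is one of the
    allowed columns with an optional ASC/DESC. Any expression is rejected."""
    m = _ORDER_RE.match(order_by.strip())
    if not m or m.group(1).lower() not in ALLOWED_COLUMNS:
        return None
    return f"{m.group(1).lower()} {(m.group(2) or 'ASC').upper()}"


def list_products_safe(con: sqlite3.Connection, order_by: str) -> List[Tuple]:
    """Same query, with the ORDER BY reduced to an allowlisted column and direction."""
    clause = validate_order_by(order_by)
    if clause is None:
        raise ValueError(f"invalid orderBy: {order_by!r}")
    return con.execute(f"SELECT id, name FROM products ORDER BY {clause}").fetchall()


def order_oracle(con: sqlite3.Connection, condition_sql: str) -> bool:
    """Attacker's view of the vulnerable endpoint: ORDER BY accepts any
    expression, so a CASE on an arbitrary subquery flips the sort direction
    with the truth of the condition. One bit leaks per request. A time-based
    variant would put a database sleep in the THEN branch instead."""
    payload = f"(CASE WHEN ({condition_sql}) THEN id ELSE -id END)"
    return list_products_vulnerable(con, payload)[0][0] == 1   # ascending => true


def extract_admin_key(con: sqlite3.Connection, max_len: int = 16) -> str:
    """Recover api_keys.secret for 'admin' one character at a time via the oracle."""
    alphabet = "abcdefghijklmnopqrstuvwxyz0123456789-"
    key = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            cond = f"SELECT substr(secret,{pos},1)='{ch}' FROM api_keys WHERE owner='admin'"
            if order_oracle(con, cond):
                key += ch
                break
        else:
            break            # no character matched: end of the secret
    return key


if __name__ == "__main__":
    db = make_db()
    print("leaked via ORDER BY oracle:", extract_admin_key(db))
    print("safe ordering:", list_products_safe(db, "price desc"))
    print("rejected:", validate_order_by("(CASE WHEN 1 THEN id END)"))
```

The fix is an allowlist rather than escaping: quoting an identifier does not help when the attacker controls the whole clause, and the set of valid sort columns is small and known at build time, so the server maps the request value onto that set and emits nothing else.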
CVE-2022-28096
via "National Vulnerability Database".
Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php.
Zero-day bug in uClibc library could leave IoT devices vulnerable to DNS poisoning attacks
via "The Daily Swig".
Unpatched flaw caused by the predictability of transaction IDs.
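Both uClibc items on this page (the Threat Post entry above and this one) come down to the same mechanism: a resolver that hands out predictable transaction IDs will accept a forged reply from anyone who can guess the ID before the real answer arrives. As an added example, not code from uClibc, uClibc-ng, Threat Post or The Daily Swig, the following Python models a stub resolver with an incrementing ID generator beside a randomised one, an attacker who predicts the next ID from two observed queries, and the probability of a blind guess with and without source-port randomisation. The incrementing generator, the resolver's matching rule and the addresses are assumptions of the toy model, not the library's actual code.

```python
"""Added example, not code from uClibc/uClibc-ng, Threat Post or The Daily Swig:
a toy model of why a predictable DNS transaction ID lets an off-path attacker
poison a resolver. The resolver, the incrementing generator and the addresses
used are assumptions of the model, not the library's code."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ID_SPACE = 1 << 16          # DNS transaction IDs are 16 bits


@dataclass
class StubResolver:
    """A stub resolver that accepts the first reply matching an outstanding
    query. random_ids=False models a resolver that hands out IDs by simple
    increment (the predictable case); True models a properly randomised one."""
    random_ids: bool
    _next_id: int = 0
    cache: Dict[str, str] = field(default_factory=dict)
    pending: Dict[int, str] = field(default_factory=dict)  # txid -> qname

    def send_query(self, qname: str) -> int:
        if self.random_ids:
            txid = secrets.randbelow(ID_SPACE)
        else:
            txid = self._next_id
            self._next_id = (self._next_id + 1) % ID_SPACE
        self.pending[txid] = qname
        return txid

    def receive(self, txid: int, qname: str, answer: str) -> bool:
        """Cache the answer only if ID and name match a pending query."""
        if self.pending.get(txid) != qname:
            return False                      # mismatch: packet ignored
        del self.pending[txid]
        self.cache[qname] = answer
        return True


def predict_next_id(observed: List[int]) -> Optional[int]:
    """Attacker side: if every observed ID is the previous one plus one,
    the next ID is predictable; otherwise no prediction."""
    if len(observed) >= 2 and all(
        (b - a) % ID_SPACE == 1 for a, b in zip(observed, observed[1:])
    ):
        return (observed[-1] + 1) % ID_SPACE
    return None


def brute_force_probability(guesses: int, extra_bits: int = 0) -> float:
    """Chance that `guesses` forged replies hit an unpredictable ID; extra_bits
    models source-port randomisation, which enlarges the search space."""
    return min(1.0, guesses / (ID_SPACE << extra_bits))


def poison_attempt(random_ids: bool, guesses: int = 1) -> bool:
    """One attack: the attacker observes two of the victim's queries, then
    races the legitimate reply to a third with forged packets. True = poisoned."""
    r = StubResolver(random_ids=random_ids)
    observed = [r.send_query("a.example"), r.send_query("b.example")]
    r.pending.clear()                 # pretend those two were answered
    victim = "bank.example"
    real_txid = r.send_query(victim)

    guess = predict_next_id(observed)
    if guess is not None:
        candidates = [guess]          # predictable: a single packet suffices
    else:
        candidates = [secrets.randbelow(ID_SPACE) for _ in range(guesses)]
    for txid in candidates:
        if r.receive(txid, victim, "198.51.100.1"):   # attacker-chosen address
            return True
    r.receive(real_txid, victim, "203.0.113.1")       # real reply arrives too late
    return False


if __name__ == "__main__":
    print("predictable IDs poisoned:", poison_attempt(random_ids=False))
    print("random IDs, one guess poisoned:", poison_attempt(random_ids=True))
    print("P(hit), one guess, 16-bit ID:", brute_force_probability(1))
    print("P(hit), one guess, ID + 16-bit port:", brute_force_probability(1, 16))
```

In practice an off-path attacker learns the ID sequence by making the victim resolve a name whose authoritative server the attacker controls, then triggers the lookup it wants to poison. The defence is an ID from a cryptographic random source combined with a random source port, which `brute_force_probability(1, 16)` shows turns a single forged packet from a near-certain hit into a one-in-2^32 chance.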