βΌ CVE-2022-20770 βΌ
π Read
via "National Vulnerability Database".
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.π Read
via "National Vulnerability Database".
π What Is the Defense Federal Acquisition Regulation Supplement (DFARS)? π
π Read
via "".
Learn more about what DFARS compliance means, who and what it applies to, and what the minimum requirements are for organizations to comply.π Read
via "".
Digital Guardian
What Is the Defense Federal Acquisition Regulation Supplement (DFARS)?
Learn more about what DFARS compliance means, who and what it applies to, and what the minimum requirements are for organizations to comply.
π΄ Q&A: How China Is Exporting Tech-Based Authoritarianism Across the World π΄
π Read
via "Dark Reading".
The US has to adapt its own policies to counter the push, warns former DocuSign CEO and Under Secretary of State Keith Krach.π Read
via "Dark Reading".
Dark Reading
Q&A: How China Is Exporting Tech-Based Authoritarianism Across the World
The US has to adapt its own policies to counter the push, warns former DocuSign CEO and Under Secretary of State Keith Krach.
π΄ Microsoft Releases Defender for SMBs π΄
π Read
via "Dark Reading".
Microsoft's stand-alone version of Defender for SMBs promises to help SecOps teams automate detection, response, and recovery.π Read
via "Dark Reading".
Dark Reading
Microsoft Releases Defender for SMBs
Microsoft's stand-alone version of Defender for SMBs promises to help SecOps teams automate detection, response, and recovery.
π΄ China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack π΄
π Read
via "Dark Reading".
Operation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies.π Read
via "Dark Reading".
Dark Reading
China-Backed Winnti APT Siphons Reams of US Trade Secrets in Sprawling Cyber-Espionage Attack
Operation CuckooBees uncovered the state-sponsored group's sophisticated new tactics in a years-long campaign that hit more than 30 tech and manufacturing companies.
βΌ CVE-2022-30241 βΌ
π Read
via "National Vulnerability Database".
The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29943 βΌ
π Read
via "National Vulnerability Database".
Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1584 βΌ
π Read
via "National Vulnerability Database".
Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victimπ Read
via "National Vulnerability Database".
βΌ CVE-2022-29942 βΌ
π Read
via "National Vulnerability Database".
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-25786 βΌ
π Read
via "National Vulnerability Database".
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7.π Read
via "National Vulnerability Database".
π΄ GitHub to Developers: Turn on 2FA, or Lose Access π΄
π Read
via "Dark Reading".
All active GitHub users who contribute code will be required to enable at least one form of two-factor authentication by the end of 2023.π Read
via "Dark Reading".
Dark Reading
GitHub to Developers: Turn on 2FA or Lose Access
All active GitHub users who contribute code will be required to enable at least one form of two-factor authentication by the end of 2023.
βΌ CVE-2022-30292 βΌ
π Read
via "National Vulnerability Database".
thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30284 βΌ
π Read
via "National Vulnerability Database".
In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments).π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-30288 βΌ
π Read
via "National Vulnerability Database".
Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash.π Read
via "National Vulnerability Database".
β Android monthly updates are out β critical bugs found in critical places! β
π Read
via "Naked Security".
Android May 2022 updates are out - with some critical fixes in some critical places. Learn more...π Read
via "Naked Security".
Naked Security
Android monthly updates are out β critical bugs found in critical places!
Android May 2022 updates are out β with some critical fixes in some critical places. Learn moreβ¦
β World Password Day β the 1960s just called and gave you your passwords back β
π Read
via "Naked Security".
Yes, passwords are going away. No, it won't happen tomorrow. So it's still worth knowing the basics of picking proper passwords.π Read
via "Naked Security".
Naked Security
World Password Day β the 1960s just called and gave you your passwords back
Yes, passwords are going away. No, it wonβt happen tomorrow. So itβs still worth knowing the basics of picking proper passwords.
ποΈ Serious Snipe-IT bug exploitable to send password reset email traps ποΈ
π Read
via "The Daily Swig".
Attackers could use the flaw to steal credentials with no authentication requiredπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Serious Snipe-IT bug exploitable to send password reset email traps
Attackers could use the flaw to steal credentials with no authentication required
βΌ CVE-2022-1588 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application :)π Read
via "National Vulnerability Database".
βΌ CVE-2022-28890 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities.π Read
via "National Vulnerability Database".
ποΈ India to introduce six-hour data breach notification rule ποΈ
π Read
via "The Daily Swig".
Reporting window is 66 hours shorter than that stipulated under the EUβs GDPRπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
India to introduce six-hour data breach notification rule
Reporting window is 66 hours shorter than that stipulated under the EUβs GDPR
β VHD Ransomware Linked to North Koreaβs Lazarus Group β
π Read
via "Threat Post".
Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said.π Read
via "Threat Post".
Threat Post
VHD Ransomware Linked to North Koreaβs Lazarus Group
Source code and Bitcoin transactions point to the malware, which emerged in March 2020, being the work of APT38, researchers at Trellix said.