🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 NFTs Emerge as the Next Enterprise Attack Vector 🕴

Cybersecurity has to be a top priority as enterprises begin incorporating the use of nonfungible tokens into their business strategies, brand-awareness campaigns, and employee-communication efforts, experts say.

📖 Read

via "Dark Reading".
🔏 NIST Revises Supply Chain Security Guidance 🔏

The primary audience for the revised publication is acquirers and end users of products, software and services.

📖 Read

via "".
🕴 5 Tips to Protect Your Career Against a Narcissist 🕴

When you find yourself the target of a narcissist, familiarize yourself with their tactics and learn how to survive.

📖 Read

via "Dark Reading".
CVE-2022-30239

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971.

📖 Read

via "National Vulnerability Database".
CVE-2022-29971

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
CVE-2022-30240

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972.

📖 Read

via "National Vulnerability Database".
CVE-2022-30335

Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component.

📖 Read

via "National Vulnerability Database".
CVE-2022-29933

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).

📖 Read

via "National Vulnerability Database".
CVE-2022-27308

A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.

📖 Read

via "National Vulnerability Database".
CVE-2022-28738

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.

📖 Read

via "National Vulnerability Database".
CVE-2022-30524

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted PDF file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

📖 Read

via "National Vulnerability Database".
CVE-2022-27412

Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.

📖 Read

via "National Vulnerability Database".
CVE-2022-29972

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.

📖 Read

via "National Vulnerability Database".
CVE-2022-28739

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

📖 Read

via "National Vulnerability Database".
CVE-2022-29868

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.

📖 Read

via "National Vulnerability Database".
🕴 Costa Rica Declares State of Emergency Under Sustained Conti Cyberattacks 🕴

Conti's ransomware attack cripples Costa Rica's Treasury, prompting the US to offer a $15M bounty on the group.

📖 Read

via "Dark Reading".
🕴 Joker, Other Fleecewear Surges Back Into Google Play 🕴

Some mobile apps are being weaponized with Trojans that secretly sign Android users up for paid subscription services.

📖 Read

via "Dark Reading".
CVE-2021-43712

Stored XSS in the Add New Employee form in Sourcecodester Employee Daily Task Management System 1.0 allows a remote attacker to inject/store arbitrary code via the Name field.

📖 Read

via "National Vulnerability Database".
CVE-2022-23705

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later.

📖 Read

via "National Vulnerability Database".
CVE-2022-23704

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later.

📖 Read

via "National Vulnerability Database".
🕴 How to Check if Your F5 BIG-IP Device Is Vulnerable 🕴

This Tech Tip walks network administrators through the steps to address the latest critical remote code execution vulnerability (CVE-2022-1388) in F5's BIG-IP management interface.

📖 Read

via "Dark Reading".