βΌ CVE-2022-24041 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42581 βΌ
π Read
via "National Vulnerability Database".
Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24039 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The Γ’β¬ΕaddCellΓ’β¬οΏ½ JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file. An attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administratorΓ’β¬β’s workstation.π Read
via "National Vulnerability Database".
π1
ποΈ Russia behind cyber-attack on satellite internet network KA-SAT that disrupted Ukrainian infrastructure β EU ποΈ
π Read
via "The Daily Swig".
Suspected DDoS attack took place one hour before Russia invaded Ukraineπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Russia behind cyber-attack on satellite internet network KA-SAT that disrupted Ukrainian infrastructure β EU
Attack took place one hour before Russia invaded Ukraine
β Hackers Actively Exploit F5 BIG-IP Bug β
π Read
via "Threat Post".
The bug has a severe rating of 9.8, public exploits are released.π Read
via "Threat Post".
Threat Post
Hackers Actively Exploit F5 BIG-IP Bug
The bug has a severe rating of 9.8, public exploits are released.
π΄ Mastering the New CISO Playbook π΄
π Read
via "Dark Reading".
How can you safeguard your organization amid global conflict and uncertainty?π Read
via "Dark Reading".
Darkreading
Mastering the New CISO Playbook
How can you safeguard your organization amid global conflict and uncertainty?
βΌ CVE-2021-42645 βΌ
π Read
via "National Vulnerability Database".
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28110 βΌ
π Read
via "National Vulnerability Database".
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29591 βΌ
π Read
via "National Vulnerability Database".
Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43094 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.π Read
via "National Vulnerability Database".
β RubyGems supply chain rip-and-replace bug fixed β check your logs! β
π Read
via "Naked Security".
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".π Read
via "Naked Security".
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself βFrankβ.
ποΈ UK government blocked four times as many cyber-scams in 2021 than previous year, CyberUK delegates told ποΈ
π Read
via "The Daily Swig".
War in Ukraine and ransomware trends top the agenda at this yearβs NCSC-led conferenceπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
UK government blocked four times as many cyber-scams in 2021 than previous year, CyberUK delegates told
War in Ukraine and ransomware trends top the agenda at this yearβs NCSC conference
π΄ Onapsis Announces New Offering to Jumpstart Security for SAP Customers π΄
π Read
via "Dark Reading".
Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .π Read
via "Dark Reading".
Darkreading
Onapsis Announces New Offering to Jumpstart Security for SAP Customers
Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .
π΄ 5-Buck DCRat Malware Foretells a Worrying Cyber Future π΄
π Read
via "Dark Reading".
The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.π Read
via "Dark Reading".
Darkreading
5-Buck DCRat Malware Foretells a Worrying Cyber Future
The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.
π΄ Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence Reporting π΄
π Read
via "Dark Reading".
New research-focused division focused on advancing innovation in the field of security operations.π Read
via "Dark Reading".
Darkreading
Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence Reporting
New research-focused division focused on advancing innovation in the field of security operations.
π΄ Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler π΄
π Read
via "Dark Reading".
Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.π Read
via "Dark Reading".
Darkreading
Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler
Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.
βΌ CVE-2022-26987 βΌ
π Read
via "National Vulnerability Database".
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28909 βΌ
π Read
via "National Vulnerability Database".
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28907 βΌ
π Read
via "National Vulnerability Database".
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28901 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29325 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.π Read
via "National Vulnerability Database".