π΄ Mastering the New CISO Playbook π΄
π Read
via "Dark Reading".
How can you safeguard your organization amid global conflict and uncertainty?π Read
via "Dark Reading".
Darkreading
Mastering the New CISO Playbook
How can you safeguard your organization amid global conflict and uncertainty?
βΌ CVE-2021-42645 βΌ
π Read
via "National Vulnerability Database".
CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28110 βΌ
π Read
via "National Vulnerability Database".
Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29591 βΌ
π Read
via "National Vulnerability Database".
Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43094 βΌ
π Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.π Read
via "National Vulnerability Database".
β RubyGems supply chain rip-and-replace bug fixed β check your logs! β
π Read
via "Naked Security".
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".π Read
via "Naked Security".
Naked Security
RubyGems supply chain rip-and-replace bug fixed β check your logs!
Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself βFrankβ.
ποΈ UK government blocked four times as many cyber-scams in 2021 than previous year, CyberUK delegates told ποΈ
π Read
via "The Daily Swig".
War in Ukraine and ransomware trends top the agenda at this yearβs NCSC-led conferenceπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
UK government blocked four times as many cyber-scams in 2021 than previous year, CyberUK delegates told
War in Ukraine and ransomware trends top the agenda at this yearβs NCSC conference
π΄ Onapsis Announces New Offering to Jumpstart Security for SAP Customers π΄
π Read
via "Dark Reading".
Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .π Read
via "Dark Reading".
Darkreading
Onapsis Announces New Offering to Jumpstart Security for SAP Customers
Company delivers new vulnerability management offering to help resource-constrained organizations combat increasing attacks on mission-critical SAP applications .
π΄ 5-Buck DCRat Malware Foretells a Worrying Cyber Future π΄
π Read
via "Dark Reading".
The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.π Read
via "Dark Reading".
Darkreading
5-Buck DCRat Malware Foretells a Worrying Cyber Future
The Dark Crystal remote access Trojan (aka DCRat) breaks a few stereotypes, with coding done by a solo developer, using an obscure Web language and offering it at a frighteningly low price.
π΄ Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence Reporting π΄
π Read
via "Dark Reading".
New research-focused division focused on advancing innovation in the field of security operations.π Read
via "Dark Reading".
Darkreading
Arctic Wolf Launches Arctic Wolf Labs Focused on Security Operations Research and Intelligence Reporting
New research-focused division focused on advancing innovation in the field of security operations.
π΄ Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler π΄
π Read
via "Dark Reading".
Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.π Read
via "Dark Reading".
Darkreading
Cybercriminals Are Increasingly Exploiting Vulnerabilities in Windows Print Spooler
Kaspersky researchers discovered that cybercriminals made approximately 65,000 attacks between July 2021 and April 2022.
βΌ CVE-2022-26987 βΌ
π Read
via "National Vulnerability Database".
TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function. Local users could get remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28909 βΌ
π Read
via "National Vulnerability Database".
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28907 βΌ
π Read
via "National Vulnerability Database".
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28901 βΌ
π Read
via "National Vulnerability Database".
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29325 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28912 βΌ
π Read
via "National Vulnerability Database".
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28913 βΌ
π Read
via "National Vulnerability Database".
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29329 βΌ
π Read
via "National Vulnerability Database".
D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29322 βΌ
π Read
via "National Vulnerability Database".
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28910 βΌ
π Read
via "National Vulnerability Database".
TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.π Read
via "National Vulnerability Database".