βΌ CVE-2022-23267 βΌ
π Read
via "National Vulnerability Database".
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.π Read
via "National Vulnerability Database".
π΄ What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers π΄
π Read
via "Dark Reading".
Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.π Read
via "Dark Reading".
Dark Reading
What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers
Microsoft's May 2022 Patch Tuesday contains several bugs in ubiquitous software that could affect millions of machines, researchers warn.
βοΈ Microsoft Patch Tuesday, May 2022 Edition βοΈ
π Read
via "Krebs on Security".
Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month's patch batch includes fixes for seven "critical" flaws, as well as a zero-day vulnerability that affects all supported versions of Windows.π Read
via "Krebs on Security".
Krebsonsecurity
Microsoft Patch Tuesday, May 2022 Edition
Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month's patch batch includes fixes for seven "critical" flaws, as well as a zero-day vulnerability that affects allβ¦
π΄ Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails π΄
π Read
via "Dark Reading".
Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.π Read
via "Dark Reading".
Darkreading
Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails
Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.
π1
βΌ CVE-2022-26116 βΌ
π Read
via "National Vulnerability Database".
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.π Read
via "National Vulnerability Database".
ποΈ NIST refreshes software supply chain risk management guidance ποΈ
π Read
via "The Daily Swig".
βA comprehensive tool that can take you from crawl to walk to runβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NIST refreshes software supply chain risk management guidance
βA comprehensive tool that can take you from crawl to walk to runβ
β Ransomware Deals Deathblow to 157-year-old College β
π Read
via "Threat Post".
Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.π Read
via "Threat Post".
Threat Post
Ransomware Deals Deathblow to 157-year-old College
Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.
β Actively Exploited Zero-Day Bug Patched by Microsoft β
π Read
via "Threat Post".
Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.π Read
via "Threat Post".
Threat Post
Actively Exploited Zero-Day Bug Patched by Microsoft
The update also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.
ποΈ RuTube hack: Russian video platform denies loss of source code following cyber-attack ποΈ
π Read
via "The Daily Swig".
The βRussian alternative to YouTubeβ has been offline since Mondayπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
RuTube hack: Russian video platform denies loss of source code following cyber-attack
The βRussian alternative to YouTubeβ has been offline since Monday
β Novel Phishing Trick Uses Weird Links to Bypass Spam Filters β
π Read
via "Threat Post".
A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.π Read
via "Threat Post".
Threat Post
Novel Phishing Trick Uses Weird Links to Bypass Spam Filters
A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.
β Intel Memory Bug Poses Risk for Hundreds of Products β
π Read
via "Threat Post".
Dell and HP were among the first to release patches and fixes for the bug.π Read
via "Threat Post".
Threat Post
Intel Memory Bug Poses Risk for Hundreds of Products
Dell and HP were among the first to release patches and fixes for the bug.
π΄ Vanity URLs Could be Spoofed for Social Engineering Attacks π΄
π Read
via "Dark Reading".
Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.π Read
via "Dark Reading".
Darkreading
Vanity URLs Could Be Spoofed for Social Engineering Attacks
Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.
π΄ The Danger of Online Data Brokers π΄
π Read
via "Dark Reading".
Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.π Read
via "Dark Reading".
Darkreading
The Danger of Online Data Brokers
Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.
π΄ Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers π΄
π Read
via "Dark Reading".
IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.π Read
via "Dark Reading".
Dark Reading
Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers
IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.
β Colonial Pipeline facing $1,000,000 fine for poor recovery plans β
π Read
via "Naked Security".
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...π Read
via "Naked Security".
Naked Security
Colonial Pipeline facing $1,000,000 fine for poor recovery plans
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Hereβs some real-life adviceβ¦
βΌ CVE-2022-29316 βΌ
π Read
via "National Vulnerability Database".
Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29727 βΌ
π Read
via "National Vulnerability Database".
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3254 βΌ
π Read
via "National Vulnerability Database".
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29728 βΌ
π Read
via "National Vulnerability Database".
Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29318 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29655 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".