π΄ Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails π΄
π Read
via "Dark Reading".
Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.π Read
via "Dark Reading".
Darkreading
Novel Nerbian RAT Lurks Behind Faked COVID Safety Emails
Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say.
π1
βΌ CVE-2022-26116 βΌ
π Read
via "National Vulnerability Database".
Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.π Read
via "National Vulnerability Database".
ποΈ NIST refreshes software supply chain risk management guidance ποΈ
π Read
via "The Daily Swig".
βA comprehensive tool that can take you from crawl to walk to runβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
NIST refreshes software supply chain risk management guidance
βA comprehensive tool that can take you from crawl to walk to runβ
β Ransomware Deals Deathblow to 157-year-old College β
π Read
via "Threat Post".
Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.π Read
via "Threat Post".
Threat Post
Ransomware Deals Deathblow to 157-year-old College
Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.
β Actively Exploited Zero-Day Bug Patched by Microsoft β
π Read
via "Threat Post".
Microsoft's May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.π Read
via "Threat Post".
Threat Post
Actively Exploited Zero-Day Bug Patched by Microsoft
The update also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.
ποΈ RuTube hack: Russian video platform denies loss of source code following cyber-attack ποΈ
π Read
via "The Daily Swig".
The βRussian alternative to YouTubeβ has been offline since Mondayπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
RuTube hack: Russian video platform denies loss of source code following cyber-attack
The βRussian alternative to YouTubeβ has been offline since Monday
β Novel Phishing Trick Uses Weird Links to Bypass Spam Filters β
π Read
via "Threat Post".
A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.π Read
via "Threat Post".
Threat Post
Novel Phishing Trick Uses Weird Links to Bypass Spam Filters
A novel form of phishing takes advantage of a disparity between how browsers and email inboxes read web domains.
β Intel Memory Bug Poses Risk for Hundreds of Products β
π Read
via "Threat Post".
Dell and HP were among the first to release patches and fixes for the bug.π Read
via "Threat Post".
Threat Post
Intel Memory Bug Poses Risk for Hundreds of Products
Dell and HP were among the first to release patches and fixes for the bug.
π΄ Vanity URLs Could be Spoofed for Social Engineering Attacks π΄
π Read
via "Dark Reading".
Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.π Read
via "Dark Reading".
Darkreading
Vanity URLs Could Be Spoofed for Social Engineering Attacks
Attackers could abuse the vanity subdomains of popular cloud services such as Box.com, Google, and Zoom to mask attacks in phishing campaigns.
π΄ The Danger of Online Data Brokers π΄
π Read
via "Dark Reading".
Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.π Read
via "Dark Reading".
Darkreading
The Danger of Online Data Brokers
Enterprises should consider online data brokers as part of their risk exposure analysis if they don't already do so.
π΄ Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers π΄
π Read
via "Dark Reading".
IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.π Read
via "Dark Reading".
Dark Reading
Cyber-Espionage Attack Drops Post-Exploit Malware Framework on Microsoft Exchange Servers
IceApple's 18 separate modules include those for data exfiltration, credential harvesting, and file and directory deletion, CrowdStrike warns.
β Colonial Pipeline facing $1,000,000 fine for poor recovery plans β
π Read
via "Naked Security".
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...π Read
via "Naked Security".
Naked Security
Colonial Pipeline facing $1,000,000 fine for poor recovery plans
How good is your cybersecurity? Are you making the same mistakes as lots of other people? Hereβs some real-life adviceβ¦
βΌ CVE-2022-29316 βΌ
π Read
via "National Vulnerability Database".
Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29727 βΌ
π Read
via "National Vulnerability Database".
Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3254 βΌ
π Read
via "National Vulnerability Database".
Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29728 βΌ
π Read
via "National Vulnerability Database".
Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29318 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29655 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29656 βΌ
π Read
via "National Vulnerability Database".
Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29975 βΌ
π Read
via "National Vulnerability Database".
An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 .π Read
via "National Vulnerability Database".
βΌ CVE-2020-19228 βΌ
π Read
via "National Vulnerability Database".
An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.π Read
via "National Vulnerability Database".