βΌ CVE-2022-29897 βΌ
π Read
via "National Vulnerability Database".
On various RAD-ISM-900-EN-* devices by PHOENIX CONTACT an admin user could use the traceroute utility integrated in the WebUI to execute arbitrary code with root privileges on the OS due to an improper input validation in all versions of the firmware.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29978 βΌ
π Read
via "National Vulnerability Database".
There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29007 βΌ
π Read
via "National Vulnerability Database".
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29613 βΌ
π Read
via "National Vulnerability Database".
Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.π Read
via "National Vulnerability Database".
π΄ Quantum Ransomware Strikes Quickly, How to Prepare and Recover π΄
π Read
via "Dark Reading".
NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies.π Read
via "Dark Reading".
Darkreading
Quantum Ransomware Strikes Quickly, How to Prepare and Recover
NYC-area cybersecurity expert shares the anatomy of a Quantum Ransomware attack and how to prevent, detect and recover from a ransomware attack, in a new article from eMazzanti Technologies.
π Samhain File Integrity Checker 4.4.9 π
π Read
via "Packet Storm Security".
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.π Read
via "Packet Storm Security".
Packetstormsecurity
Samhain File Integrity Checker 4.4.9 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Aircrack-ng Wireless Network Tools 1.7 π
π Read
via "Packet Storm Security".
aircrack-ng is a set of tools for auditing wireless networks. It's an enhanced/reborn version of aircrack. It consists of airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), airdecap (decrypts WEP/WPA capture files), and some tools to handle capture files (merge, convert, etc.).π Read
via "Packet Storm Security".
Packetstormsecurity
Aircrack-ng Wireless Network Tools 1.7 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ Top 6 Security Threats Targeting Remote Workers π΄
π Read
via "Dark Reading".
Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.π Read
via "Dark Reading".
Darkreading
Top 6 Security Threats Targeting Remote Workers
Remote work is here to stay, which means security teams must ensure that security extends beyond corporate devices and protects employees wherever they are.
π΄ Breaking Down the Strengthening American Cybersecurity Act π΄
π Read
via "Dark Reading".
New federal cybersecurity rules will set timelines for critical infrastructure sector organizations β those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation β to report ransomware payments and cyberattacks to CISA. All parties have to comply for it to work and help protect assets.π Read
via "Dark Reading".
Darkreading
Breaking Down the Strengthening American Cybersecurity Act
New federal cybersecurity rules will set timelines for critical infrastructure sector organizations β those in chemical, manufacturing, healthcare, defense contracting, energy, financial, nuclear, or transportation β to report ransomware payments and cyberattacksβ¦
π΄ Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical Data π΄
π Read
via "Dark Reading".
Round of $14.5M to support team of AI experts and cybersecurity leaders targeting overshared data with AI-based solutions for data access governance and loss prevention.π Read
via "Dark Reading".
Darkreading
Concentric AI Raises Series A Funding Led by Ballistic Ventures to Autonomously Secure Business-Critical Data
Round of $14.5M to support team of AI experts and cybersecurity leaders targeting overshared data with AI-based solutions for data access governance and loss prevention.
π΄ Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete) π΄
π Read
via "Dark Reading".
The partnership integrates Keeper's zero-knowledge, zero-trust enterprise password manager (EPM) into SHI Complete, a comprehensive, fully managed IT service for small and medium-sized businesses (SMBs).π Read
via "Dark Reading".
Darkreading
Keeper Security Partners with SHI International for New Fully Managed IT Service (SHI Complete)
The partnership integrates Keeper's zero-knowledge, zero-trust enterprise password manager (EPM) into SHI Complete, a comprehensive, fully managed IT service for small and medium-sized businesses (SMBs).
βΌ CVE-2021-26339 βΌ
π Read
via "National Vulnerability Database".
A bug in AMD CPUΓ’β¬β’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service. AMD believes the specific code includes a specific x86 instruction sequence that would not be generated by compilers.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39059 βΌ
π Read
via "National Vulnerability Database".
IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26364 βΌ
π Read
via "National Vulnerability Database".
Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26348 βΌ
π Read
via "National Vulnerability Database".
Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26350 βΌ
π Read
via "National Vulnerability Database".
A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26378 βΌ
π Read
via "National Vulnerability Database".
Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0027 βΌ
π Read
via "National Vulnerability Database".
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0026 βΌ
π Read
via "National Vulnerability Database".
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29616 βΌ
π Read
via "National Vulnerability Database".
SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.π Read
via "National Vulnerability Database".
βΌ CVE-2021-26342 βΌ
π Read
via "National Vulnerability Database".
In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability.π Read
via "National Vulnerability Database".