βΌ CVE-2022-30057 βΌ
π Read
via "National Vulnerability Database".
Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30448 βΌ
π Read
via "National Vulnerability Database".
Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28255 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30063 βΌ
π Read
via "National Vulnerability Database".
ftcms <=2.1 was discovered to be vulnerable to code execution attacks .π Read
via "National Vulnerability Database".
βΌ CVE-2022-30453 βΌ
π Read
via "National Vulnerability Database".
ShopWind <= 3.4.2 has a RCE vulnerability in Database.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-30060 βΌ
π Read
via "National Vulnerability Database".
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.phpπ Read
via "National Vulnerability Database".
π΄ PlainID Debuts Authorization-as-a-Service Platform π΄
π Read
via "Dark Reading".
Platform powered by policy-based access control (PBAC).π Read
via "Dark Reading".
Darkreading
PlainID Debuts Authorization-as-a-Service Platform
Platform powered by policy-based access control (PBAC).
βΌ CVE-2022-30557 βΌ
π Read
via "National Vulnerability Database".
Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29596 βΌ
π Read
via "National Vulnerability Database".
MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29855 βΌ
π Read
via "National Vulnerability Database".
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.π Read
via "National Vulnerability Database".
β Novel βNerbianβ Trojan Uses Advanced Anti-Detection Tricks β
π Read
via "Threat Post".
The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.π Read
via "Threat Post".
Threat Post
Novel βNerbianβ Trojan Uses Advanced Anti-Detection Tricks
The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.
βοΈ DEA Investigating Breach of Law Enforcement Data Portal βοΈ
π Read
via "Krebs on Security".
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.π Read
via "Krebs on Security".
Krebs on Security
DEA Investigating Breach of Law Enforcement Data Portal
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise isβ¦
π΄ On Air With Dark Reading News Desk at Black Hat Asia 2022 π΄
π Read
via "Dark Reading".
This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.π Read
via "Dark Reading".
Darkreading
On the Air With Dark Reading News Desk at Black Hat Asia 2022
This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.
βΌ CVE-2022-1674 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1650 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2.π Read
via "National Vulnerability Database".
β You Canβt Eliminate Cyberattacks, So Focus on Reducing the Blast Radius β
π Read
via "Threat Post".
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.π Read
via "Threat Post".
Threat Post
You Canβt Eliminate Cyberattacks, So Focus on Reducing the Blast Radius
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.
π΄ Nokia Opens Cybersecurity Testing Lab π΄
π Read
via "Dark Reading".
The end-to-end cybersecurity 5G testing lab will help identify and prevent cyberattacks on 5G networks.π Read
via "Dark Reading".
Darkreading
Nokia Opens Cybersecurity Testing Lab
The end-to-end cybersecurity 5G testing lab will help identify and prevent cyberattacks on 5G networks.
ποΈ Box, Zoom, Google Docs offer phishing boost with βvanity URLβ flaws ποΈ
π Read
via "The Daily Swig".
Attack technique bypasses email filters and burnishes credibility of phishing linksπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Box, Zoom, Google Docs offer phishing boost with βvanity URLβ flaws
Attack technique bypasses email filters and burnishes credibility of phishing links
π΄ 5 Years That Altered the Ransomware Landscape π΄
π Read
via "Dark Reading".
WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.π Read
via "Dark Reading".
Darkreading
5 Years That Altered the Ransomware Landscape
WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.
π΄ Known macOS Vulnerabilities Led Researcher to Root Out New Flaws π΄
π Read
via "Dark Reading".
Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.π Read
via "Dark Reading".
Darkreading
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws
Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.
β Malware Builder Leverages Discord Webhooks β
π Read
via "Threat Post".
Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.π Read
via "Threat Post".
Threat Post
Malware Builder Leverages Discord Webhooks
Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.