βΌ CVE-2022-29596 βΌ
π Read
via "National Vulnerability Database".
MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29855 βΌ
π Read
via "National Vulnerability Database".
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.π Read
via "National Vulnerability Database".
β Novel βNerbianβ Trojan Uses Advanced Anti-Detection Tricks β
π Read
via "Threat Post".
The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.π Read
via "Threat Post".
Threat Post
Novel βNerbianβ Trojan Uses Advanced Anti-Detection Tricks
The stealthy, feature-rich malware has multistage evasion tactics to fly under the radar of security analysis, researchers at Proofpoint have found.
βοΈ DEA Investigating Breach of Law Enforcement Data Portal βοΈ
π Read
via "Krebs on Security".
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets.π Read
via "Krebs on Security".
Krebs on Security
DEA Investigating Breach of Law Enforcement Data Portal
The U.S. Drug Enforcement Administration (DEA) says it is investigating reports that hackers gained unauthorized access to an agency portal that taps into 16 different federal law enforcement databases. KrebsOnSecurity has learned the alleged compromise isβ¦
π΄ On Air With Dark Reading News Desk at Black Hat Asia 2022 π΄
π Read
via "Dark Reading".
This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.π Read
via "Dark Reading".
Darkreading
On the Air With Dark Reading News Desk at Black Hat Asia 2022
This year's Black Hat Asia is hybrid, with some sessions broadcast on the virtual platform and others live on stage in Singapore. News Desk is available on-demand with prerecorded interviews.
βΌ CVE-2022-1674 βΌ
π Read
via "National Vulnerability Database".
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1650 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository eventsource/eventsource prior to v2.0.2.π Read
via "National Vulnerability Database".
β You Canβt Eliminate Cyberattacks, So Focus on Reducing the Blast Radius β
π Read
via "Threat Post".
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.π Read
via "Threat Post".
Threat Post
You Canβt Eliminate Cyberattacks, So Focus on Reducing the Blast Radius
Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "blast radius" of a potential attack.
π΄ Nokia Opens Cybersecurity Testing Lab π΄
π Read
via "Dark Reading".
The end-to-end cybersecurity 5G testing lab will help identify and prevent cyberattacks on 5G networks.π Read
via "Dark Reading".
Darkreading
Nokia Opens Cybersecurity Testing Lab
The end-to-end cybersecurity 5G testing lab will help identify and prevent cyberattacks on 5G networks.
ποΈ Box, Zoom, Google Docs offer phishing boost with βvanity URLβ flaws ποΈ
π Read
via "The Daily Swig".
Attack technique bypasses email filters and burnishes credibility of phishing linksπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Box, Zoom, Google Docs offer phishing boost with βvanity URLβ flaws
Attack technique bypasses email filters and burnishes credibility of phishing links
π΄ 5 Years That Altered the Ransomware Landscape π΄
π Read
via "Dark Reading".
WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.π Read
via "Dark Reading".
Darkreading
5 Years That Altered the Ransomware Landscape
WannaCry continues to be a reminder of the challenges that organizations face dealing with the ransomware threat.
π΄ Known macOS Vulnerabilities Led Researcher to Root Out New Flaws π΄
π Read
via "Dark Reading".
Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.π Read
via "Dark Reading".
Darkreading
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws
Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.
β Malware Builder Leverages Discord Webhooks β
π Read
via "Threat Post".
Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.π Read
via "Threat Post".
Threat Post
Malware Builder Leverages Discord Webhooks
Researchers discovered a simple malware builder designed to steal credentials, then pinging them to Discord webhooks.
π΄ How Can Your Business Defend Itself Against Fraud-as-a-Service? π΄
π Read
via "Dark Reading".
By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.π Read
via "Dark Reading".
Darkreading
How Can Your Business Defend Itself Against Fraud-as-a-Service?
By understanding how FaaS works and following best practices to prevent it, your business can protect its customers, revenue, and brand reputation.
ποΈ Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit ποΈ
π Read
via "The Daily Swig".
Conti, Lockbit, and other prolific ransomware strains apparently have similar vulnerabilitiesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit
Conti, Lockbit, and other prolific ransomware strains apparently have similar vulnerabilities
βΌ CVE-2021-42863 βΌ
π Read
via "National Vulnerability Database".
A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28873 βΌ
π Read
via "National Vulnerability Database".
A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28872 βΌ
π Read
via "National Vulnerability Database".
A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop.π Read
via "National Vulnerability Database".
ποΈ Marcus Hutchins on halting the WannaCry ransomware attack β βStill to this day it feels like it was all a weird dreamβ ποΈ
π Read
via "The Daily Swig".
Five years since WannaCry exploded onto the scene, ransomware still tops global threat lists ANALYSIS Five years ago today (May 12), a ransomware attack by a North Korean hacking group hit computers rπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Marcus Hutchins on halting the WannaCry ransomware attack β βStill to this day it feels like it was all a weird dreamβ
Five years since WannaCry exploded onto the scene, ransomware still tops global threat lists
β Serious Security: Learning from curlβs latest bug update β
π Read
via "Naked Security".
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.π Read
via "Naked Security".
Naked Security
Serious Security: Learning from curlβs latest bug update
Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.
β S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast] β
π Read
via "Naked Security".
Latest episode - lots to learn - plain English - fun with a serious side - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]
Latest episode β lots to learn β plain English β fun with a serious side β listen now!