🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🛠 COOPER Analysis Tool 🛠

Cooper uses cooperative mutation to test the binding code of scripting languages for memory-safety issues. Cooperative mutation simultaneously modifies the script code and the related document objects to explore different code paths in the binding code. To guide this two-dimensional mutation, the authors infer the relationship between script code and document objects. They applied Cooper to three popular commercial PDF tools: Adobe Acrobat, Foxit Reader, and Microsoft Word. Cooper detected 134 previously unknown bugs, which resulted in 33 CVE entries and 22K in bug bounties.
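A toy of the idea described above, added here as an example and not the COOPER authors' code: a simulated binding layer records which document attributes each script API reads (standing in for the relationship inference), and the mutator then varies a script statement together with exactly the document attributes that statement is known to touch. The document objects, attribute names and API names are constructed for the demo; the search is exhaustive rather than random so the result is reproducible.

```javascript
// Added example, not the COOPER authors' code: a toy of cooperative mutation.
// API names, objects and attributes below are constructed for the demo.

// Constructed seed document: objects with typed attributes, as a PDF has.
function seedDocument() {
  return {
    Field1: { value: "hello", maxLen: 10, readonly: false },
    Annot1: { rect: [0, 0, 100, 50], subtype: "Widget" },
  };
}

// Toy binding layer: each script API reads attributes of its target object and
// records the attribute names it touched in `t` (this stands in for tracing
// the real binding to infer script/object relationships).
const API = {
  "field.value":   (o, t) => { t.add("value");  return String(o.value); },
  "field.maxLen":  (o, t) => { t.add("maxLen"); t.add("value"); return String(o.value).slice(0, o.maxLen); },
  "annot.rect":    (o, t) => { t.add("rect");   return o.rect.length; },
  "annot.subtype": (o, t) => { t.add("subtype"); return o.subtype.toUpperCase(); },
};

// Values the document dimension is mutated with: type confusions, not just bit flips.
const MUTANT_VALUES = [null, -1, 1e9, "", "A".repeat(64), [], {}];

function typeName(v) {
  return v === null ? "null" : Array.isArray(v) ? "array" : typeof v;
}

// Executes a script (list of [api, objectName]) against a document and returns
// the binding "paths" hit: api, attribute and the attribute's runtime type, or
// the exception type when the binding throws.
function runScript(script, doc) {
  const paths = new Set();
  for (const [api, obj] of script) {
    const target = doc[obj];
    const touched = new Set();
    try {
      API[api](target, touched);
    } catch (e) {
      paths.add(`${api}:throws:${e.constructor.name}`);
      continue;
    }
    for (const attr of touched) paths.add(`${api}:${attr}:${typeName(target[attr])}`);
  }
  return paths;
}

// Relationship inference: run every API once per seed object and record which
// attributes each one reads. Attributes read before an exception still count.
function inferRelations(doc) {
  const rel = {};
  for (const [api, fn] of Object.entries(API)) {
    rel[api] = new Set();
    for (const obj of Object.keys(doc)) {
      const touched = new Set();
      try { fn(doc[obj], touched); } catch (e) { /* recorded reads are kept */ }
      for (const a of touched) rel[api].add(a);
    }
  }
  return rel;
}

// One-dimensional mutation: vary the script (API x object), leave the document alone.
function scriptOnlyCoverage(doc) {
  const covered = new Set();
  for (const api of Object.keys(API))
    for (const obj of Object.keys(doc))
      for (const p of runScript([[api, obj]], doc)) covered.add(p);
  return covered;
}

// Cooperative mutation: each script mutation is paired with mutations of exactly
// the document attributes the relation map says that API will read.
function cooperativeCoverage(doc) {
  const rel = inferRelations(doc);
  const covered = scriptOnlyCoverage(doc);
  for (const api of Object.keys(API))
    for (const obj of Object.keys(doc))
      for (const attr of rel[api])
        for (const v of MUTANT_VALUES) {
          const mutated = JSON.parse(JSON.stringify(doc)); // fresh copy per mutant
          mutated[obj][attr] = v;
          for (const p of runScript([[api, obj]], mutated)) covered.add(p);
        }
  return covered;
}

// Paths only the two-dimensional search reached.
function cooperativeOnlyPaths(doc) {
  const base = scriptOnlyCoverage(doc);
  return [...cooperativeCoverage(doc)].filter((p) => !base.has(p)).sort();
}

console.log("script-only paths:", scriptOnlyCoverage(seedDocument()).size);
console.log("cooperative-only paths:", cooperativeOnlyPaths(seedDocument()));
```

Script-only mutation can never reach a binding path that depends on an attribute having an unexpected type, because the document it runs against never changes; the cooperative search reaches those paths, and the relation map keeps it from wasting mutations on attributes the statement will not read.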

📖 Read

via "Packet Storm Security".
🕴 Linux, OpenSSF Champion Plan to Improve Open Source Security 🕴

The White House and tech industry pledge $150 million over two years to boost open source resiliency and supply chain security.

📖 Read

via "Dark Reading".
🔏 Friday Five 5/13 🔏

Data privacy concerns on the rise, Costa Rica fights back against ransomware, and new cybersecurity legislation making its way through Congress - read about this and more in this week's Friday Five!

📖 Read
CVE-2022-1715

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.

📖 Read

via "National Vulnerability Database".
CVE-2021-27505

mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive directory listing information.

📖 Read

via "National Vulnerability Database".
CVE-2022-22393

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5, with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078.

📖 Read

via "National Vulnerability Database".
CVE-2021-33013

mySCADA myPRO versions prior to 8.20.0 do not restrict unauthorized read access to sensitive system information.

📖 Read

via "National Vulnerability Database".
CVE-2022-22325

IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853.

📖 Read

via "National Vulnerability Database".
CVE-2022-22252

The DFX module has a use-after-free (UAF) vulnerability. Successful exploitation of this vulnerability may affect system stability.

📖 Read

via "National Vulnerability Database".
CVE-2021-33005

mySCADA myPRO versions prior to 8.20.0 allow an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.

📖 Read

via "National Vulnerability Database".
CVE-2022-29433

Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress.

📖 Read

via "National Vulnerability Database".
CVE-2021-33009

mySCADA myPRO versions prior to 8.20.0 allow an unauthenticated remote attacker to upload arbitrary files to the file system.

📖 Read

via "National Vulnerability Database".
🕴 Black Hat Asia: Democracy's Survival Depends on Taming Technology 🕴

The conference opens with a stark outlook on the future of global democracy — currently squeezed between Silicon Valley and China.

📖 Read

via "Dark Reading".
🕴 US Agrees to International Electronic Cybercrime Evidence Swap 🕴

The Budapest Convention is a multinational coalition that agrees to share electronic evidence across international jurisdictions to track down cybercriminals.

📖 Read

via "Dark Reading".
🕴 CISO Shares Top Strategies to Communicate Security's Value to the Biz 🕴

In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness – and getting others in the organization to listen.

📖 Read

via "Dark Reading".
CVE-2022-25862

This affects all versions of the package sds from 0.0.0. The library could be tricked into adding or modifying properties of Object.prototype by abusing the set function located in js/set.js. **Note:** This vulnerability derives from an incomplete fix to [CVE-2020-7618](https://security.snyk.io/vuln/SNYK-JS-SDS-564123).

📖 Read

via "National Vulnerability Database".
CVE-2022-22281

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions allows an attacker to potentially execute arbitrary code in the host Windows operating system.

📖 Read

via "National Vulnerability Database".
CVE-2022-21190

This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The [fix](https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889d45da7fe3ad9cd880) introduced relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks whether it starts with __proto__ or this.constructor.prototype. To bypass this check it is possible to prepend the dangerous path with any string value followed by a dot, for example foo.__proto__ or foo.this.constructor.prototype.
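Both the sds entry (CVE-2022-25862) and the convict entry (CVE-2022-21190) above are the same bug class: a dotted-path setter that walks into Object.prototype via a __proto__ or constructor.prototype segment. The example below is added here and is not code from either package. It shows a minimal setter of that kind, a guard modelled on the incomplete "startsWith" fix the convict entry describes, the bypass that fix allows, and a guard that checks every segment and only descends into own properties; the `tryPollute` helper and the property name `polluted` are constructed for the demo.

```javascript
// Added example: a dotted-path setter of the kind sds and convict expose, the
// incomplete guard described for CVE-2022-21190, and a per-segment guard.
// Nothing here is either package's code.

const DANGEROUS = new Set(["__proto__", "constructor", "prototype"]);

// Walks/creates nested objects along "a.b.c" and assigns `value` at the leaf.
// Unguarded: a segment named __proto__ or constructor walks into shared prototypes.
function setPath(obj, path, value) {
  const parts = path.split(".");
  let cur = obj;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    if (cur[key] === undefined || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  cur[parts[parts.length - 1]] = value;
  return obj;
}

// The incomplete fix: only the *start* of the whole path is inspected, so
// "foo.__proto__.x" passes and the walk still reaches Object.prototype.
function setPathStartsWithGuard(obj, path, value) {
  if (path.startsWith("__proto__") || path.startsWith("this.constructor.prototype")) {
    throw new Error("blocked: " + path);
  }
  return setPath(obj, path, value);
}

// Hardened: reject a dangerous name in *any* segment, and only descend into
// own properties so an inherited object can never be reached by name.
function setPathSafe(obj, path, value) {
  const parts = path.split(".");
  if (parts.some((p) => DANGEROUS.has(p))) throw new Error("blocked: " + path);
  let cur = obj;
  for (let i = 0; i < parts.length - 1; i++) {
    const key = parts[i];
    const own = Object.prototype.hasOwnProperty.call(cur, key);
    if (!own || typeof cur[key] !== "object" || cur[key] === null) cur[key] = {};
    cur = cur[key];
  }
  cur[parts[parts.length - 1]] = value;
  return obj;
}

// Runs `setter` on a throwaway object with a path whose leaf is "polluted" and
// reports whether a fresh, unrelated object inherited that property, i.e.
// whether Object.prototype was written to. Cleans up afterwards.
function tryPollute(setter, path) {
  const probe = {};
  try { setter({}, path, "yes"); } catch (e) { return "blocked"; }
  const leaked = probe.polluted === "yes";
  delete Object.prototype.polluted; // undo so the next check starts clean
  return leaked ? "polluted" : "clean";
}

console.log(tryPollute(setPathStartsWithGuard, "__proto__.polluted"));     // blocked
console.log(tryPollute(setPathStartsWithGuard, "foo.__proto__.polluted")); // polluted
console.log(tryPollute(setPathSafe, "foo.__proto__.polluted"));            // blocked
```

The own-property check matters even with the segment blocklist: it means the walk can only ever move through objects the caller created, so a future alias for a prototype-reaching name cannot reintroduce the problem.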

📖 Read

via "National Vulnerability Database".
CVE-2022-1701

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

📖 Read

via "National Vulnerability Database".
CVE-2022-25865

The package workspace-tools before 0.18.4 is vulnerable to Command Injection via git argument injection. When calling the fetchRemoteBranch(remote: string, remoteBranch: string, cwd: string) function, both the remote and remoteBranch parameters are passed to the git fetch subcommand in a way that allows additional flags to be set. The additional flags can be used to perform a command injection.
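Argument injection of the kind described above survives the usual defence against shell injection: even when `git` is started with an argument array and no shell, git itself parses any argv entry that starts with `-` as an option, and `git fetch` has options such as `--upload-pack=<command>` that run a program. The example below is added here and is not workspace-tools' code. It shows an argv builder of the vulnerable shape, a helper that flags option-looking arguments, and a builder that rejects them and terminates option parsing with `--end-of-options` (assumed to require git 2.24 or newer); the remote-name and refname character class is a conservative assumption that admits only named remotes, not URLs.

```javascript
// Added example, not workspace-tools' code. Builds the argv that would be handed
// to child_process.spawn("git", argv) (no shell), which is exactly where
// "-"-prefixed values become git options.

// Vulnerable shape: caller-controlled values land directly in git's argv.
function buildFetchArgsUnsafe(remote, branch) {
  return ["fetch", remote, branch];
}

// Does any argument after the subcommand look like an option to git?
function hasOptionLikeArg(argv) {
  return argv.slice(1).some((a) => typeof a === "string" && a.startsWith("-"));
}

// Assumed-safe character class for named remotes and refnames: no leading "-",
// no spaces, no shell metacharacters, no URL schemes (assumption for this demo).
const NAME_OK = /^[A-Za-z0-9][A-Za-z0-9._\/-]*$/;

// Hardened: refuse option-looking or otherwise unexpected values, and add
// --end-of-options so git stops option parsing before the positional arguments
// (requires git >= 2.24, an assumption).
function buildFetchArgsSafe(remote, branch) {
  for (const v of [remote, branch]) {
    if (typeof v !== "string" || v.startsWith("-") || !NAME_OK.test(v)) {
      throw new Error("refusing unsafe git argument: " + JSON.stringify(v));
    }
  }
  return ["fetch", "--end-of-options", remote, branch];
}

// Constructed attacker value: a real git fetch option that runs a program.
const INJECTED_REMOTE = "--upload-pack=touch /tmp/pwned";

console.log(buildFetchArgsUnsafe(INJECTED_REMOTE, "main"));
console.log(hasOptionLikeArg(buildFetchArgsUnsafe(INJECTED_REMOTE, "main"))); // true
console.log(buildFetchArgsSafe("origin", "feature/x"));
```

The validation is the part that does the work; `--end-of-options` is belt-and-braces for git versions that support it, and a value like `--upload-pack=...` is rejected before argv is ever built.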

📖 Read

via "National Vulnerability Database".
CVE-2022-1702

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept user-controlled input that specifies a link to an external site and use that link in a redirect, which leads to an open redirect vulnerability.
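The fix for this class of bug is to treat the user-supplied target as untrusted input and only redirect to a location you can prove is your own. The validator below is an added example, not SonicWall code; it assumes a single allowed host `sma.example.com` served over HTTPS only, and it returns a path-only target so the final redirect can never carry a scheme or host from the request. The tricky inputs it is checked against (protocol-relative `//host`, backslash-as-slash, userinfo `@` tricks, `javascript:` URLs, non-default ports) are the usual ways a naive "does it start with our domain" check gets bypassed.

```javascript
// Added example, not SonicWall code: validating a "next"/"return" parameter
// before using it in a redirect. Host and base URL are assumptions for the demo.

const ALLOWED_HOSTS = new Set(["sma.example.com"]);
const BASE_URL = "https://sma.example.com/";

// Returns a path-relative redirect target ("/path?query#frag") or null when the
// input may not be redirected to. The returned value never contains a host.
function safeRedirectTarget(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 2048) return null;
  // Control characters, whitespace and backslashes: browsers normalise "\" to "/",
  // so "/\evil" would become protocol-relative. Reject before parsing.
  if (/[\x00-\x20\\]/.test(input)) return null;

  let url;
  try {
    url = new URL(input, BASE_URL); // resolves relative paths against our own origin
  } catch (e) {
    return null;
  }

  if (url.protocol !== "https:") return null;        // javascript:, data:, http: ...
  if (!ALLOWED_HOSTS.has(url.hostname)) return null; // //evil, https://evil, host@evil
  if (url.username !== "" || url.password !== "") return null;
  if (url.port !== "") return null;                   // only the default port

  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs, as they might arrive in a query string.
const SAMPLES = [
  "/account",
  "//evil.example/x",
  "https://evil.example/",
  "javascript:alert(1)",
  "/\\evil.example",
  "https://sma.example.com@evil.example/",
  "https://sma.example.com:8443/",
  "https://sma.example.com/dash?x=1#top",
];
for (const s of SAMPLES) console.log(JSON.stringify(s), "->", safeRedirectTarget(s));
```

Resolving against the application's own base URL and then rebuilding a relative target is the key design choice: whatever the WHATWG parser makes of an odd input, the only thing that reaches the Location header is a path on the current origin.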

📖 Read

via "National Vulnerability Database".