βΌ CVE-2021-41965 βΌ
π Read
via "National Vulnerability Database".
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.π Read
via "National Vulnerability Database".
π1
β He sold cracked passwords for a living β now heβs serving 4 years in prison β
π Read
via "Naked Security".
Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...π Read
via "Naked Security".
β€2π1
β Firefox out-of-band update to 100.0.1 β just in time for Pwn2Own? β
π Read
via "Naked Security".
A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.π Read
via "Naked Security".
Naked Security
Firefox out-of-band update to 100.0.1 β just in time for Pwn2Own?
A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.
βΌ CVE-2022-30763 βΌ
π Read
via "National Vulnerability Database".
Janet before 1.22.0 mishandles arrays.π Read
via "National Vulnerability Database".
π2
βΌ CVE-2022-30779 βΌ
π Read
via "National Vulnerability Database".
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\Cookie\FileCookieJar.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30778 βΌ
π Read
via "National Vulnerability Database".
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDispatcher.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30767 βΌ
π Read
via "National Vulnerability Database".
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30775 βΌ
π Read
via "National Vulnerability Database".
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30770 βΌ
π Read
via "National Vulnerability Database".
Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30765 βΌ
π Read
via "National Vulnerability Database".
Calibre-Web before 0.6.18 allows user table SQL Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30781 βΌ
π Read
via "National Vulnerability Database".
Gitea before 1.6.7 does not escape git fetch remote.π Read
via "National Vulnerability Database".
ποΈ Parker Hannifin reveals cyber-attack exposed sensitive employee data ποΈ
π Read
via "The Daily Swig".
Data breach involves Social Security numbers and health insurance data, among other informationπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Parker Hannifin reveals cyber-attack exposed sensitive employee data
Data breach involves Social Security numbers and health insurance data, among other information
π1
β Microsoftβs May Patch Tuesday Updates Cause Windows AD Authentication Errors β
π Read
via "Threat Post".
Microsoft's May Patch Tuesday update is triggering authentication errors.π Read
via "Threat Post".
Threat Post
Microsoftβs May Patch Tuesday Updates Cause Windows AD Authentication Errors
Microsoft's May Patch Tuesday update is triggering authentication errors.
π’ Panda Free Antivirus review: A free security tool with a personality all of its own π’
π Read
via "ITPro".
There's plenty to like here, including excellent malware protection, but this security package has some notable shortcomingsπ Read
via "ITPro".
IT PRO
Panda Free Antivirus review: A free security tool with a personality all of its own | IT PRO
There's plenty to like here, including excellent malware protection, but this security package has some notable shortcomings
π’ WannaCry's ghost is still wreaking havoc π’
π Read
via "ITPro".
A retooled version of the infamous ransomware strain continues to haunt corporate networks around the worldπ Read
via "ITPro".
ITPro
WannaCry's ghost is still wreaking havoc five years on
A retooled version of the infamous ransomware strain continues to haunt corporate networks around the world
π’ Windows Server admins say latest Patch Tuesday broke authentication policies π’
π Read
via "ITPro".
Microsoft has issued a workaround for the certificate-mapping issue, but many have already rolled back the updates to avoid operational disruptionπ Read
via "ITPro".
ITPro
Windows Server admins say latest Patch Tuesday broke authentication policies
Microsoft has issued a workaround for the certificate-mapping issue, but many have already rolled back the updates to avoid operational disruption
π’ The rise of double extortion ransomware π’
π Read
via "ITPro".
With the use of this tactic increasing, we look at how you can protect your businessπ Read
via "ITPro".
ITPro
The rise of double extortion ransomware
With the use of this tactic increasing, we look at how you can protect your business
π’ Lone Russian RAT operator rivals large gangs with Β£5 "passion project" π’
π Read
via "ITPro".
Researchers say the lone actor's success speaks to the growing complexity of the underground malware marketπ Read
via "ITPro".
IT PRO
Lone Russian RAT operator rivals large gangs with Β£5 "passion project" | IT PRO
Researchers say the lone actor's success speaks to the growing complexity of the underground malware market
π’ Tool that scans office software for vulnerabilities finds almost 100 in Word and Acrobat π’
π Read
via "ITPro".
Myriad flaws in Microsoft Word, Adobe Acrobat, and Foxit Reader were discovered as part of the research project that netted $22,000 in bug bounty rewardsπ Read
via "ITPro".
ITPro
Tool that scans office software for vulnerabilities finds almost 100 in Word and Acrobat
Myriad flaws in Microsoft Word, Adobe Acrobat, and Foxit Reader were discovered as part of the research project that netted $22,000 in bug bounty rewards
ποΈ SharePoint RCE bug resurfaces three months after being patched by Microsoft ποΈ
π Read
via "The Daily Swig".
Deserialization vulnerabilities are hard to fixπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
SharePoint RCE bug resurfaces three months after being patched by Microsoft
Deserialization vulnerabilities are hard to fix
π΄ Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future π΄
π Read
via "Dark Reading".
A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.π Read
via "Dark Reading".
Dark Reading
Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future
A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.
π2