CVE-2022-30770
via "National Vulnerability Database".
Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions.
CVE-2022-30765
via "National Vulnerability Database".
Calibre-Web before 0.6.18 allows SQL injection in the user table.
CVE-2022-30781
via "National Vulnerability Database".
Gitea before 1.6.7 does not escape the git fetch remote.
Parker Hannifin reveals cyber-attack exposed sensitive employee data
via "The Daily Swig".
Data breach involves Social Security numbers and health insurance data, among other information.
Microsoft's May Patch Tuesday Updates Cause Windows AD Authentication Errors
via "Threat Post".
Microsoft's May Patch Tuesday update is triggering authentication errors.
Panda Free Antivirus review: A free security tool with a personality all of its own
via "ITPro".
There's plenty to like here, including excellent malware protection, but this security package has some notable shortcomings.
WannaCry's ghost is still wreaking havoc five years on
via "ITPro".
A retooled version of the infamous ransomware strain continues to haunt corporate networks around the world.
Windows Server admins say latest Patch Tuesday broke authentication policies
via "ITPro".
Microsoft has issued a workaround for the certificate-mapping issue, but many have already rolled back the updates to avoid operational disruption.
The rise of double extortion ransomware
via "ITPro".
With the use of this tactic increasing, we look at how you can protect your business.
Lone Russian RAT operator rivals large gangs with £5 "passion project"
via "ITPro".
Researchers say the lone actor's success speaks to the growing complexity of the underground malware market.
Tool that scans office software for vulnerabilities finds almost 100 in Word and Acrobat
via "ITPro".
Myriad flaws in Microsoft Word, Adobe Acrobat, and Foxit Reader were discovered as part of the research project that netted $22,000 in bug bounty rewards.
SharePoint RCE bug resurfaces three months after being patched by Microsoft
via "The Daily Swig".
Deserialization vulnerabilities are hard to fix.
Me, My Digital Self, and I: Why Identity Is the Foundation of a Decentralized Future
via "Dark Reading".
A decentralized future is a grand ideal, but secure management of private keys is the prerequisite to ensure the integrity of decentralized applications and services.
CVE-2022-30011
via "National Vulnerability Database".
In HMS 1.0, when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.
CVE-2022-30012
via "National Vulnerability Database".
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.
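The bug class behind CVE-2022-30011/30012 (and the Calibre-Web user-table injection listed earlier) is a request parameter spliced into SQL text. The following is an added Python example, not code from HMS or Calibre-Web: the in-memory SQLite schema, table names, rows and the UNION payload are all constructed for the demo. It shows a single-column-count UNION pulling the user table through the appointment query, and the same input doing nothing against a parameterised query.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed schema for the demo; it is not HMS's or Calibre-Web's real schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role, email) VALUES (?, ?, ?)",
        [("alice", "admin", "alice@example.test"), ("bob", "user", "bob@example.test")],
    )
    conn.execute("CREATE TABLE appointments (id INTEGER PRIMARY KEY, patient TEXT, doctor TEXT)")
    conn.execute("INSERT INTO appointments (patient, doctor) VALUES ('carol', 'dr-x')")
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, patient: str) -> list:
    # The bug pattern: a POST parameter is spliced into the SQL text, so a quote
    # character in the value changes the structure of the query.
    sql = f"SELECT patient, doctor FROM appointments WHERE patient = '{patient}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, patient: str) -> list:
    # Parameterised query: the value travels separately from the SQL text, so it
    # can only ever be compared as data.
    sql = "SELECT patient, doctor FROM appointments WHERE patient = ?"
    return conn.execute(sql, (patient,)).fetchall()


# Constructed payload: closes the string literal, then appends a SELECT against
# the user table with the same column count as the appointment query. The
# trailing '1 is completed by the quote the vulnerable code appends.
PAYLOAD = "x' UNION SELECT name, email FROM users WHERE '1'='1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))  # leaks users.name / users.email
    print("safe:      ", lookup_safe(db, PAYLOAD))        # no appointment has that literal name
```

SQLite's execute() refuses stacked statements, so the payload uses UNION rather than a second statement; on MySQL-backed PHP code the same structural bug also exposes every other injection technique the driver allows.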
UK government sits out bug bounty boom but welcomes vulnerability disclosure
via "The Daily Swig".
Budget constraints limit any immediate ambitions.
US Cyber Director: Forging a Cybersecurity Social Contract Is Not Optional
via "Dark Reading".
In a Black Hat Asia keynote Fireside Chat, US National Cyber Director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
CVE-2021-42897
via "National Vulnerability Database".
A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] value is passed directly into $mysqlstr, which is then executed by exec.
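The FeMiner bug is command injection through string concatenation: a request value lands inside a command string that a shell parses. The following is an added Python example, not FeMiner's code; the command (a harmless echo standing in for the mysql invocation), the parameter name and the payload are constructed for the demo. It shows the shell honouring a `;` in the value, and three fixes: an argv list with no shell, shlex.quote when a shell string is unavoidable, and allowlist validation before the value reaches any command.

```python
import re
import subprocess
import shlex

# Assumption for the demo: record names are short identifiers.
NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def run_vulnerable(r_name: str) -> str:
    # Bug pattern: the request value is concatenated into a command string that
    # /bin/sh then parses, so ';', '|', '$(...)' etc. in the value are honoured.
    cmd = "echo Restoring record " + r_name
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_safe(r_name: str) -> str:
    # Fix 1: pass an argv list. No shell is involved, and the value is one
    # argument whatever characters it contains.
    argv = ["echo", "Restoring record", r_name]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def quoted_command(r_name: str) -> str:
    # Fix 2 (only when a shell string is unavoidable): shlex.quote wraps the
    # value as a single literal word for the shell.
    return "echo Restoring record " + shlex.quote(r_name)


def run_quoted(r_name: str) -> str:
    return subprocess.run(quoted_command(r_name), shell=True, capture_output=True, text=True).stdout


def validate_name(r_name: str) -> str:
    # Fix 3: reject anything outside the allowlist before building a command.
    if not NAME_RE.match(r_name):
        raise ValueError(f"rejected r_name: {r_name!r}")
    return r_name


# Constructed payload: terminates the intended command and starts a second one.
PAYLOAD = "backup1; echo INJECTED"


if __name__ == "__main__":
    print(run_vulnerable(PAYLOAD), end="")  # second line is attacker-controlled output
    print(run_safe(PAYLOAD), end="")        # one line, payload printed as literal text
    print(run_quoted(PAYLOAD), end="")      # same as run_safe
```

Validation and an argv list belong together: the allowlist stops surprising values early and gives a clean error, while the argv list guarantees that even a value the regex mistakenly admits cannot become a second command.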
CVE-2022-29623
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the file upload module of Connect-Multiparty v2.2.0 allows attackers to execute arbitrary code via a crafted PDF file.
CVE-2022-1418
via "National Vulnerability Database".
The Social Stickers WordPress plugin through 2.2.9 does not have CSRF checks in place when updating its Social Network settings, and does not escape some of these fields, which could allow attackers to make a logged-in admin change them, leading to Stored Cross-Site Scripting issues.
CVE-2022-0873
via "National Vulnerability Database".
The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise or escape the Album's name before outputting it in pages/posts with a media embed, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
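Both WordPress entries above come down to the same two missing controls: a settings handler with no CSRF check (CVE-2022-1418) and a stored value rendered without escaping (CVE-2022-1418 and CVE-2022-0873). The following is an added Python example, not code from either plugin or from WordPress; the site secret, the session and action names, the `twitter_url` field and the payloads are constructed for the demo. It shows an HMAC nonce bound to the session and action, HTML attribute escaping of the stored value, and the caveat that escaping alone does not stop a `javascript:` href, so the URL scheme is allowlisted as well.

```python
import hashlib
import hmac
import html
from urllib.parse import urlparse

# Assumption for the demo: a per-site secret (WordPress would use its salts).
SITE_SECRET = b"constructed-demo-secret-not-for-production"
ALLOWED_SCHEMES = ("http", "https")
ACTION = "update_social_settings"


def make_nonce(session_id: str, action: str) -> str:
    # Bound to the user's session and to one action: a forged cross-site POST
    # cannot read the admin's page, so it cannot obtain a valid nonce.
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SITE_SECRET, msg, hashlib.sha256).hexdigest()


def update_settings_vulnerable(settings: dict, form: dict) -> dict:
    # No CSRF check and the raw value is stored: any site the admin visits can
    # trigger this POST, and whatever it sends is later rendered verbatim.
    settings["twitter_url"] = form["twitter_url"]
    return settings


def update_settings_safe(settings: dict, form: dict, session_id: str) -> dict:
    expected = make_nonce(session_id, ACTION)
    if not hmac.compare_digest(form.get("_nonce", ""), expected):
        raise PermissionError("missing or invalid CSRF nonce")
    settings["twitter_url"] = form["twitter_url"]
    return settings


def is_safe_url(url: str) -> bool:
    # Escaping keeps the value inside the attribute; it does not make
    # javascript:alert(1) a harmless href. Allowlist the scheme separately.
    return urlparse(url).scheme in ALLOWED_SCHEMES


def render_vulnerable(settings: dict) -> str:
    return f'<a href="{settings["twitter_url"]}">Twitter</a>'


def render_safe(settings: dict) -> str:
    url = settings["twitter_url"]
    if not is_safe_url(url):
        url = "#"
    # quote=True also encodes " and ', so the value cannot close the attribute.
    return f'<a href="{html.escape(url, quote=True)}">Twitter</a>'


# Constructed payloads.
XSS_PAYLOAD = 'http://x.example/"><script>alert(1)</script>'
JS_URL_PAYLOAD = "javascript:alert(1)"


if __name__ == "__main__":
    stored = update_settings_vulnerable({}, {"twitter_url": XSS_PAYLOAD})
    print(render_vulnerable(stored))  # script tag lands in the page
    print(render_safe(stored))        # &lt;script&gt; ... inert text
    print(render_safe({"twitter_url": JS_URL_PAYLOAD}))  # href="#"
```

Escape at output time rather than on the way into the database: the stored value stays usable in other contexts (JSON, plain-text email), and every rendering path gets the same protection regardless of who wrote the value or which capability they held.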