βΌ CVE-2022-28874 βΌ
π Read
via "National Vulnerability Database".
Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.π Read
via "National Vulnerability Database".
β Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches β
π Read
via "Threat Post".
Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.π Read
via "Threat Post".
Threat Post
Zero Trust for Data Helps Enterprises Detect, Respond and Recover from Breaches
Mohit Tiwari, CEO of Symmetry Systems, explores Zero Trust, data objects and the NIST framework for cloud and on-prem environments.
β Clearview AI face-matching service fined a lot less than expected β
π Read
via "Naked Security".
The fine has finally gone through... but it's less than 45% of what was originally proposed.π Read
via "Naked Security".
Naked Security
Clearview AI face-matching service fined a lot less than expected
The fine has finally gone throughβ¦ but itβs less than 45% of what was originally proposed.
ποΈ Blockchain bridge Wormhole pays record $10m bug bounty reward ποΈ
π Read
via "The Daily Swig".
Critical security flaw patched on the same day it was submittedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Blockchain bridge Wormhole pays record $10m bug bounty reward
Critical security flaw patched on the same day it was submitted
π΄ After the Okta Breach, Diversify Your Sources of Truth π΄
π Read
via "Dark Reading".
What subsequent protections do you have in place when your first line of defense goes down?π Read
via "Dark Reading".
Dark Reading
After the Okta Breach, Diversify Your Sources of Truth
What subsequent protections do you have in place when your first line of defense goes down?
ποΈ Yik Yak fixes information disclosure bug that leaked usersβ GPS location ποΈ
π Read
via "The Daily Swig".
Hairy MitM exploit independently discovered by two security researchersπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Yik Yak fixes information disclosure bug that leaked usersβ GPS location
Hairy MitM exploit independently discovered by two security researchers
βΌ CVE-2022-1817 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="alert(1)"><td>1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1816 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1810 βΌ
π Read
via "National Vulnerability Database".
Improper Access Control in GitHub repository publify/publify prior to 9.2.9.π Read
via "National Vulnerability Database".
π΄ Valeo Networks Acquires Next I.T. π΄
π Read
via "Dark Reading".
Next I.T. is the sixth and largest acquisition to date for Valeo Networks.π Read
via "Dark Reading".
Dark Reading
Valeo Networks Acquires Next I.T.
Next I.T. is the sixth and largest acquisition to date for Valeo Networks.
π΄ Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection π΄
π Read
via "Dark Reading".
IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware.π Read
via "Dark Reading".
Dark Reading
Kingston Digital Releases Touch-Screen Hardware-Encrypted External SSD for Data Protection
IronKey Vault Privacy 80 External SSD safeguards against brute-force attacks and BadUSB with digitally-signed firmware.
ποΈ Chicago Public Schools data breach blamed on ransomware attack on supplier ποΈ
π Read
via "The Daily Swig".
Cybercrooks compromised server containing student course information and assessment dataπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Chicago Public Schools data breach blamed on third-party ransomware attack
Cybercrooks compromised server containing student course information and assessment data
βΌ CVE-2022-28997 βΌ
π Read
via "National Vulnerability Database".
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0900 βΌ
π Read
via "National Vulnerability Database".
A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aciklama" parameter could allow anyone to gain users' session informations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28998 βΌ
π Read
via "National Vulnerability Database".
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.π Read
via "National Vulnerability Database".
ποΈ Pwn2Own Vancouver: 15th annual hacking event pays out $1.2m for high-impact security bugs ποΈ
π Read
via "The Daily Swig".
Tesla, Microsoft, and others targeted in hacking competition that saw Star Labs crowned βMasters of Pwnβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Pwn2Own Vancouver: 15th annual hacking event pays out $1.2m for high-impact security bugs
Tesla, Microsoft, and others targeted in hacking competition that saw Star Labs crowned βMasters of Pwnβ
π΄ Why the Employee Experience Is Cyber Resilience π΄
π Read
via "Dark Reading".
A culture of trust, combined with tools designed around EX, can work in tandem to help organizations become more resilient and secure.π Read
via "Dark Reading".
Dark Reading
Why the Employee Experience Is Cyber Resilience
A culture of trust, combined with tools designed around employee experience, can work in tandem to help organizations become more resilient and secure.
βΌ CVE-2022-29004 βΌ
π Read
via "National Vulnerability Database".
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29005 βΌ
π Read
via "National Vulnerability Database".
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41714 βΌ
π Read
via "National Vulnerability Database".
In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1811 βΌ
π Read
via "National Vulnerability Database".
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.π Read
via "National Vulnerability Database".