π’ Open source packages with millions of installs hacked to harvest AWS credentials π’
π Read
via "ITPro".
Two popular open source packages used by Python and PHP developers have been quietly compromised with successful attacks already being reportedπ Read
via "ITPro".
IT PRO
Open source packages with millions of installs hacked to harvest AWS credentials | IT PRO
Two popular open source packages used by Python and PHP developers have been quietly compromised with successful attacks already being reported
π’ DOE βββββββββββββββfundsβ βdevelopment of Qunnect's Quantum Repeater π’
π Read
via "ITPro".
The $1.85 million grant will eventually pave the way for quantum internetπ Read
via "ITPro".
IT PRO
DOE βββββββββββββββfundsβ βdevelopment of Qunnect's Quantum Repeater | IT PRO
The $1.85 million grant will eventually pave the way for quantum internet
β Cybergang Claims REvil is Back, Executes DDoS Attacks β
π Read
via "Threat Post".
Actors claiming to be the defunct ransomware group are targeting one of Akamiβs customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.π Read
via "Threat Post".
Threat Post
Cybergang Claims REvil is Back, Executes DDoS Attacks
Actors claiming to be the defunct ransomware group are targeting one of Akamiβs customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.
β Poisoned Python and PHP packages purloin passwords for AWS access β
π Read
via "Naked Security".
More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2021-42692 βΌ
π Read
via "National Vulnerability Database".
There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS.π Read
via "National Vulnerability Database".
π΄ Most Common Threats in DBIR π΄
π Read
via "Dark Reading".
Supply chain and ransomware attacks increased dramatically this year, which explains why so many data breaches in this year's DBIR were grouped as system intrusion.π Read
via "Dark Reading".
Dark Reading
Most Common Threats in DBIR
Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion.
β Whoβs watching your webcam? The Screencastify Chrome extension storyβ¦ β
π Read
via "Naked Security".
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.π Read
via "Naked Security".
Naked Security
Whoβs watching your webcam? The Screencastify Chrome extension storyβ¦
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.
βΌ CVE-2022-29720 βΌ
π Read
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40317 βΌ
π Read
via "National Vulnerability Database".
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42859 βΌ
π Read
via "National Vulnerability Database".
A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29721 βΌ
π Read
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42860 βΌ
π Read
via "National Vulnerability Database".
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611.π Read
via "National Vulnerability Database".
ποΈ Canadian healthcare provider issues data breach warning after server hack ποΈ
π Read
via "The Daily Swig".
SHN plays down concerns over medical records breachπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Canadian healthcare provider issues data breach warning after server hack
SHN plays down concerns over medical records breach
π΄ Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem π΄
π Read
via "Dark Reading".
Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.π Read
via "Dark Reading".
Dark Reading
Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem
Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.
π΄ Act Now: Leveraging PCI Compliance to Improve Security π΄
π Read
via "Dark Reading".
Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall β security as a process β not just comply with new standards.π Read
via "Dark Reading".
Dark Reading
Act Now: Leveraging PCI Compliance to Improve Security
Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall β security as a process β not just comply with new standards.
π΄ Quanta Servers Caught With Pantsdown BMC Vulnerability π΄
π Read
via "Dark Reading".
Researchers discover 3-year-old critical firmware vulnerability running in popular cloud servers used to power hyperscalers and cloud providers alike.π Read
via "Dark Reading".
Dark Reading
Quanta Servers Caught With 'Pantsdown' BMC Vulnerability
Researchers discover 3-year-old critical firmware vulnerability, running in popular cloud servers used to power hyperscalers and cloud providers alike.
ποΈ LinkedIn bug bounty program goes public with rewards of up to $18k ποΈ
π Read
via "The Daily Swig".
Social media platform ends private program after paying $250,000 in rewards over eight yearsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
LinkedIn bug bounty program goes public with rewards of up to $18k
Social media platform ends private program after paying $250,000 in rewards over eight years
π1
βΌ CVE-2022-29687 βΌ
π Read
via "National Vulnerability Database".
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4231 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29680 βΌ
π Read
via "National Vulnerability Database".
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29670 βΌ
π Read
via "National Vulnerability Database".
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del.π Read
via "National Vulnerability Database".