π΄ Most Common Threats in DBIR π΄
π Read
via "Dark Reading".
Supply chain and ransomware attacks increased dramatically this year, which explains why so many data breaches in this year's DBIR were grouped as system intrusion.π Read
via "Dark Reading".
Dark Reading
Most Common Threats in DBIR
Supply chain and ransomware attacks increased dramatically in 2021, which explains why so many data breaches in Verizon's "2022 Data Breach Investigations Report" were grouped as system intrusion.
β Whoβs watching your webcam? The Screencastify Chrome extension storyβ¦ β
π Read
via "Naked Security".
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.π Read
via "Naked Security".
Naked Security
Whoβs watching your webcam? The Screencastify Chrome extension storyβ¦
When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.
βΌ CVE-2022-29720 βΌ
π Read
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40317 βΌ
π Read
via "National Vulnerability Database".
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42859 βΌ
π Read
via "National Vulnerability Database".
A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29721 βΌ
π Read
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42860 βΌ
π Read
via "National Vulnerability Database".
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611.π Read
via "National Vulnerability Database".
ποΈ Canadian healthcare provider issues data breach warning after server hack ποΈ
π Read
via "The Daily Swig".
SHN plays down concerns over medical records breachπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Canadian healthcare provider issues data breach warning after server hack
SHN plays down concerns over medical records breach
π΄ Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem π΄
π Read
via "Dark Reading".
Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.π Read
via "Dark Reading".
Dark Reading
Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem
Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.
π΄ Act Now: Leveraging PCI Compliance to Improve Security π΄
π Read
via "Dark Reading".
Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall β security as a process β not just comply with new standards.π Read
via "Dark Reading".
Dark Reading
Act Now: Leveraging PCI Compliance to Improve Security
Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall β security as a process β not just comply with new standards.
π΄ Quanta Servers Caught With Pantsdown BMC Vulnerability π΄
π Read
via "Dark Reading".
Researchers discover 3-year-old critical firmware vulnerability running in popular cloud servers used to power hyperscalers and cloud providers alike.π Read
via "Dark Reading".
Dark Reading
Quanta Servers Caught With 'Pantsdown' BMC Vulnerability
Researchers discover 3-year-old critical firmware vulnerability, running in popular cloud servers used to power hyperscalers and cloud providers alike.
ποΈ LinkedIn bug bounty program goes public with rewards of up to $18k ποΈ
π Read
via "The Daily Swig".
Social media platform ends private program after paying $250,000 in rewards over eight yearsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
LinkedIn bug bounty program goes public with rewards of up to $18k
Social media platform ends private program after paying $250,000 in rewards over eight years
π1
βΌ CVE-2022-29687 βΌ
π Read
via "National Vulnerability Database".
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4231 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29680 βΌ
π Read
via "National Vulnerability Database".
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29670 βΌ
π Read
via "National Vulnerability Database".
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29684 βΌ
π Read
via "National Vulnerability Database".
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20821 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1664 βΌ
π Read
via "National Vulnerability Database".
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29663 βΌ
π Read
via "National Vulnerability Database".
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29662 βΌ
π Read
via "National Vulnerability Database".
CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save.π Read
via "National Vulnerability Database".