🛡 Cybersecurity & Privacy 🛡 - News

🕴 Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem 🕴

Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.

📖 Read

via "Dark Reading".

Dark Reading

Big Cyber Hits on GM, Chicago Public Schools, & Zola Showcase the Password Problem

Credential-stuffing attacks against online accounts are still popular, and they work thanks to continuing password reuse.

233 views14:25

🛡 Cybersecurity & Privacy 🛡 - News

🕴 Act Now: Leveraging PCI Compliance to Improve Security 🕴

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards.

📖 Read

via "Dark Reading".

Dark Reading

Act Now: Leveraging PCI Compliance to Improve Security

Let the threat landscape guide your company's timeline for complying with new data security standards for credit cards. Use the phase-in time to improve security overall — security as a process — not just comply with new standards.

258 views14:25

🛡 Cybersecurity & Privacy 🛡 - News

🕴 Quanta Servers Caught With Pantsdown BMC Vulnerability 🕴

Researchers discover 3-year-old critical firmware vulnerability running in popular cloud servers used to power hyperscalers and cloud providers alike.

📖 Read

via "Dark Reading".

Dark Reading

Quanta Servers Caught With 'Pantsdown' BMC Vulnerability

Researchers discover 3-year-old critical firmware vulnerability, running in popular cloud servers used to power hyperscalers and cloud providers alike.

270 views14:25

🛡 Cybersecurity & Privacy 🛡 - News

🗓️ LinkedIn bug bounty program goes public with rewards of up to $18k 🗓️

Social media platform ends private program after paying $250,000 in rewards over eight years

📖 Read

via "The Daily Swig".

The Daily Swig | Cybersecurity news and views

LinkedIn bug bounty program goes public with rewards of up to $18k

Social media platform ends private program after paying $250,000 in rewards over eight years

👍1

253 views15:52

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29687 ‼

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.

📖 Read

via "National Vulnerability Database".

215 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-4231 ‼

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.

📖 Read

via "National Vulnerability Database".

177 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29680 ‼

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del.

📖 Read

via "National Vulnerability Database".

156 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29670 ‼

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del.

📖 Read

via "National Vulnerability Database".

142 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29684 ‼

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del.

📖 Read

via "National Vulnerability Database".

143 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-20821 ‼

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.

📖 Read

via "National Vulnerability Database".

143 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1664 ‼

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.

📖 Read

via "National Vulnerability Database".

137 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29663 ‼

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.

📖 Read

via "National Vulnerability Database".

131 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29662 ‼

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save.

📖 Read

via "National Vulnerability Database".

124 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29660 ‼

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del.

📖 Read

via "National Vulnerability Database".

121 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29681 ‼

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del.

📖 Read

via "National Vulnerability Database".

119 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29686 ‼

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan.

📖 Read

via "National Vulnerability Database".

118 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29688 ‼

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy.

📖 Read

via "National Vulnerability Database".

124 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2021-34360 ‼

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later

📖 Read

via "National Vulnerability Database".

137 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29669 ‼

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan.

📖 Read

via "National Vulnerability Database".

135 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-1886 ‼

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

📖 Read

via "National Vulnerability Database".

149 views16:14

🛡 Cybersecurity & Privacy 🛡 - News

‼ CVE-2022-29666 ‼

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.

📖 Read

via "National Vulnerability Database".

154 views16:14

About

Blog

Apps

Platform