βΌ CVE-2022-20802 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20670 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20674 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20673 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20666 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20806 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1897 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20667 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20669 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
π΄ New Chaos Malware Variant Ditches Wiper for Encryption π΄
π Read
via "Dark Reading".
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.π Read
via "Dark Reading".
Dark Reading
New Chaos Malware Variant Ditches Wiper for Encryption
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.
π1
π΄ Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years π΄
π Read
via "Dark Reading".
The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.π Read
via "Dark Reading".
Dark Reading
Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years
The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.
βΌ CVE-2021-27780 βΌ
π Read
via "National Vulnerability Database".
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27781 βΌ
π Read
via "National Vulnerability Database".
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.π Read
via "National Vulnerability Database".
π΄ Space Force Expands Cyber Defense Operations π΄
π Read
via "Dark Reading".
Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.π Read
via "Dark Reading".
Dark Reading
Space Force Expands Cyber Defense Operations
Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.
π΄ Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks π΄
π Read
via "Dark Reading".
Organizations must ensure their kubelets and related APIs arenβt inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.π Read
via "Dark Reading".
Dark Reading
Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks
Organizations must ensure their kubelets and related APIs arenβt inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.
βΌ CVE-2022-25878 βΌ
π Read
via "National Vulnerability Database".
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto filesπ Read
via "National Vulnerability Database".
π’ AVG AntiVirus Free review: Great malware protection, though the upsell is a turn-off π’
π Read
via "ITPro".
AVG serves up the same powerful antivirus engine as Avast, but the trimmings arenβt as generousπ Read
via "ITPro".
IT PRO
AVG AntiVirus Free review: Great malware protection, though the upsell is a turn-off | IT PRO
AVG serves up the same powerful antivirus engine as Avast, but the trimmings arenβt as generous
π’ What is hacktivism? π’
π Read
via "ITPro".
From Anonymous to Omega, hereβs everything you need to know about hackers with a conscienceπ Read
via "ITPro".
IT PRO
What is hacktivism? | IT PRO
From Anonymous to the IT Army of Ukraine, we answer 'what is hacktivism' and guide you through the history of the most compelling corner of the tech industry
π’ Google adds new security vendor plugins for Chrome, improved Chrome OS policy controls for IT admins π’
π Read
via "ITPro".
New integrations across various security pillars aim to improve Chrome OS and Chrome browser security for enterprise customersπ Read
via "ITPro".
IT PRO
Google adds new security vendor plugins for Chrome, improved Chrome OS policy controls for IT admins | IT PRO
New integrations across various security pillars aim to improve Chrome OS and Chrome browser security for enterprise customers
π’ Avast One Essential review: A great free antivirus solution with some tempting extra features π’
π Read
via "ITPro".
If Microsoft Defender isnβt doing it for you, Avast has you covered with strong protection in a user-friendly packageπ Read
via "ITPro".
ITPro
Avast One Essential review: A great free antivirus solution with some tempting extra features
If Microsoft Defender isnβt doing it for you, Avast has you covered with strong protection in a user-friendly package
π’ (ISC)2 launches free scheme to get 100,000 UK citizens into cyber security π’
π Read
via "ITPro".
The certification non-profit estimates the UK has around 33,000 cyber security vacancies, with that figure set to rise this yearπ Read
via "ITPro".
IT PRO
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security | IT PRO
The industry body will offer its entry-level cyber security course and exam at no cost for uncertified individuals looking to move into a career in information security