βΌ CVE-2022-20666 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20806 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1897 βΌ
π Read
via "National Vulnerability Database".
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20667 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20669 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.π Read
via "National Vulnerability Database".
π΄ New Chaos Malware Variant Ditches Wiper for Encryption π΄
π Read
via "Dark Reading".
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.π Read
via "Dark Reading".
Dark Reading
New Chaos Malware Variant Ditches Wiper for Encryption
The Chaos ransomware-builder was known for creating destructor malware that overwrote files and made them unrecoverable -- but the new Yashma version finally generates binaries that can encrypt files of all sizes.
π1
π΄ Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years π΄
π Read
via "Dark Reading".
The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.π Read
via "Dark Reading".
Dark Reading
Scammer Behind $568M International Cybercrime Syndicate Gets 4 Years
The 14th defendant behind The Infraud Organization contraband marketplace has been sentenced, this time for one count of racketeering.
βΌ CVE-2021-27780 βΌ
π Read
via "National Vulnerability Database".
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27781 βΌ
π Read
via "National Vulnerability Database".
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.π Read
via "National Vulnerability Database".
π΄ Space Force Expands Cyber Defense Operations π΄
π Read
via "Dark Reading".
Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.π Read
via "Dark Reading".
Dark Reading
Space Force Expands Cyber Defense Operations
Space Force's Delta 6 cyber-defense group adds squadrons, updates legacy Satellite Control Network.
π΄ Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks π΄
π Read
via "Dark Reading".
Organizations must ensure their kubelets and related APIs arenβt inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.π Read
via "Dark Reading".
Dark Reading
Exposed Kubernetes Clusters, Kubelet Ports Can Be Abused in Cyberattacks
Organizations must ensure their kubelets and related APIs arenβt inadvertently exposed or lack proper access control, offering an easy access point for malicious actors.
βΌ CVE-2022-25878 βΌ
π Read
via "National Vulnerability Database".
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto filesπ Read
via "National Vulnerability Database".
π’ AVG AntiVirus Free review: Great malware protection, though the upsell is a turn-off π’
π Read
via "ITPro".
AVG serves up the same powerful antivirus engine as Avast, but the trimmings arenβt as generousπ Read
via "ITPro".
IT PRO
AVG AntiVirus Free review: Great malware protection, though the upsell is a turn-off | IT PRO
AVG serves up the same powerful antivirus engine as Avast, but the trimmings arenβt as generous
π’ What is hacktivism? π’
π Read
via "ITPro".
From Anonymous to Omega, hereβs everything you need to know about hackers with a conscienceπ Read
via "ITPro".
IT PRO
What is hacktivism? | IT PRO
From Anonymous to the IT Army of Ukraine, we answer 'what is hacktivism' and guide you through the history of the most compelling corner of the tech industry
π’ Google adds new security vendor plugins for Chrome, improved Chrome OS policy controls for IT admins π’
π Read
via "ITPro".
New integrations across various security pillars aim to improve Chrome OS and Chrome browser security for enterprise customersπ Read
via "ITPro".
IT PRO
Google adds new security vendor plugins for Chrome, improved Chrome OS policy controls for IT admins | IT PRO
New integrations across various security pillars aim to improve Chrome OS and Chrome browser security for enterprise customers
π’ Avast One Essential review: A great free antivirus solution with some tempting extra features π’
π Read
via "ITPro".
If Microsoft Defender isnβt doing it for you, Avast has you covered with strong protection in a user-friendly packageπ Read
via "ITPro".
ITPro
Avast One Essential review: A great free antivirus solution with some tempting extra features
If Microsoft Defender isnβt doing it for you, Avast has you covered with strong protection in a user-friendly package
π’ (ISC)2 launches free scheme to get 100,000 UK citizens into cyber security π’
π Read
via "ITPro".
The certification non-profit estimates the UK has around 33,000 cyber security vacancies, with that figure set to rise this yearπ Read
via "ITPro".
IT PRO
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security | IT PRO
The industry body will offer its entry-level cyber security course and exam at no cost for uncertified individuals looking to move into a career in information security
π’ US indicts heart doctor for allegedly spearheading high-profile ransomware operations π’
π Read
via "ITPro".
The 55-year-old cardiologist profited from a ransomware side hustle and coached would-be hackers in using his tools for maximum rewardsπ Read
via "ITPro".
IT PRO
US indicts heart doctor for allegedly spearheading high-profile ransomware operations | IT PRO
The 55-year-old cardiologist profited from a ransomware side hustle and coached would-be hackers in using his tools for maximum rewards
π’ QuSecure launches industry-first 'quantum security as a service' π’
π Read
via "ITPro".
The post-quantum cyber security solution is targeted at enterprises and βgovernment entitiesπ Read
via "ITPro".
IT PRO
QuSecure launches industry-first 'quantum security as a service' | IT PRO
The post-quantum cyber security solution is targeted at enterprises and βgovernment entities
π’ Open source packages with millions of installs hacked to harvest AWS credentials π’
π Read
via "ITPro".
Two popular open source packages used by Python and PHP developers have been quietly compromised with successful attacks already being reportedπ Read
via "ITPro".
IT PRO
Open source packages with millions of installs hacked to harvest AWS credentials | IT PRO
Two popular open source packages used by Python and PHP developers have been quietly compromised with successful attacks already being reported
π’ US security agency issues emergency alert over vulnerable VMware products π’
π Read
via "ITPro".
A string of actively exploited critical vulnerabilities across five popular VMware products has been described as an "unacceptable risk" to government systemsπ Read
via "ITPro".
IT PRO
US security agency issues emergency alert over vulnerable VMware products | IT PRO
A string of actively exploited critical vulnerabilities across five popular VMware products has been described as an "unacceptable risk" to government systems