βΌ CVE-2022-1294 βΌ
π Read
via "National Vulnerability Database".
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-0376 βΌ
π Read
via "National Vulnerability Database".
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1387 βΌ
π Read
via "National Vulnerability Database".
The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
βΌ CVE-2022-1564 βΌ
π Read
via "National Vulnerability Database".
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedπ Read
via "National Vulnerability Database".
π GRR 3.4.6.0 π
π Read
via "Packet Storm Security".
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.π Read
via "Packet Storm Security".
Packetstormsecurity
GRR 3.4.6.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
β Zero-Day βFollinaβ Bug Lays Older Microsoft Office Versions Open to Attack β
π Read
via "Threat Post".
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.π Read
via "Threat Post".
Threat Post
Zero-Day βFollinaβ Bug Lays Microsoft Office Open to Attack
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.
π΄ 6 Steps to Ensure Cyber Resilience π΄
π Read
via "Dark Reading".
To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft.π Read
via "Dark Reading".
Dark Reading
6 Steps to Ensure Cyber Resilience
To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft.
ποΈ Dozens of high-traffic websites vulnerable to βaccount pre-hijackingβ, study finds ποΈ
π Read
via "The Daily Swig".
Validation check loopholes exposedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Dozens of high-traffic websites vulnerable to βaccount pre-hijackingβ, study finds
Validation check loopholes exposed
β S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Naked Security
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
Latest episode β listen now!
ποΈ Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack ποΈ
π Read
via "The Daily Swig".
βSuper fundβ confirms user information has been exposedπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack
βSuper fundβ confirms user information has been exposed
β Beware the Smish! Home delivery scams with a professional feelβ¦ β
π Read
via "Naked Security".
Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...π Read
via "Naked Security".
Naked Security
Beware the Smish! Home delivery scams with a professional feelβ¦
Home delivery scams are getting leaner, and meaner, and more likely to βlook about rightβ. Hereβs an example to show you what we meanβ¦
βΌ CVE-2022-1931 βΌ
π Read
via "National Vulnerability Database".
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1934 βΌ
π Read
via "National Vulnerability Database".
Use After Free in GitHub repository mruby/mruby prior to 3.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3555 βΌ
π Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions.π Read
via "National Vulnerability Database".
β EnemyBot Malware Targets Web Servers, CMS Tools and Android OS β
π Read
via "Threat Post".
Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.π Read
via "Threat Post".
Threat Post
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.
ποΈ Connecticut becomes fifth US state to enact comprehensive consumer privacy law ποΈ
π Read
via "The Daily Swig".
The newly signed CTPA is more consumer-friendly than similar legislation in other US statesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Connecticut becomes fifth US state to enact comprehensive consumer privacy law
The newly signed CTPA is more consumer-friendly than similar legislation in other US states
π΄ How to Keep Your Enterprise Safe From Digital Supply Chain Attacks π΄
π Read
via "Dark Reading".
Digital supply chains are more vulnerable than ever; here's what you need to do to secure them.π Read
via "Dark Reading".
Dark Reading
How to Keep Your Enterprise Safe From Digital Supply Chain Attacks
Digital supply chains are more vulnerable than ever; here's what you need to do to secure them.
βΌ CVE-2022-1942 βΌ
π Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30973 βΌ
π Read
via "National Vulnerability Database".
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23082 βΌ
π Read
via "National Vulnerability Database".
In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function ΓΒ’Γ’βΒ¬ΓΕisFileOutsideDirΓΒ’Γ’β¬ÒβΒ’ fails to sanitize the user input which may lead to path traversal.π Read
via "National Vulnerability Database".
ποΈ Bug Bounty Radar // The latest bug bounty programs for June 2022 ποΈ
π Read
via "The Daily Swig".
New web targets for the discerning hackerπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Bug Bounty Radar // The latest bug bounty programs for June 2022
New web targets for the discerning hacker