Zero-Day "Follina" Bug Lays Older Microsoft Office Versions Open to Attack
via "Threat Post".
Malware loads itself from remote servers and bypasses Microsoft's Defender AV scanner, according to reports.
6 Steps to Ensure Cyber Resilience
via "Dark Reading".
To minimize the impact of cyber incidents, organizations must be pragmatic and develop a strategy of resilience for dealing with break-ins, advanced malware, and data theft.
Dozens of high-traffic websites vulnerable to "account pre-hijacking", study finds
via "The Daily Swig".
Validation check loopholes exposed
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
via "Naked Security".
Latest episode - listen now!
Data breach at Australian pension provider Spirit Super impacts 50k victims following phishing attack
via "The Daily Swig".
"Super fund" confirms user information has been exposed
Beware the Smish! Home delivery scams with a professional feel…
via "Naked Security".
Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...
CVE-2022-1931
via "National Vulnerability Database".
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-1934
via "National Vulnerability Database".
Use After Free in GitHub repository mruby/mruby prior to 3.2.
CVE-2021-3555
via "National Vulnerability Database".
A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions.
EnemyBot Malware Targets Web Servers, CMS Tools and Android OS
via "Threat Post".
Malware borrows generously from code used by other botnets such as Mirai, Qbot and Zbot.
Connecticut becomes fifth US state to enact comprehensive consumer privacy law
via "The Daily Swig".
The newly signed CTPA is more consumer-friendly than similar legislation in other US states
How to Keep Your Enterprise Safe From Digital Supply Chain Attacks
via "Dark Reading".
Digital supply chains are more vulnerable than ever; here's what you need to do to secure them.
CVE-2022-1942
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
CVE-2022-30973
via "National Vulnerability Database".
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
CVE-2022-23082
via "National Vulnerability Database".
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function "isFileOutsideDir" fails to sanitize the user input, which may lead to path traversal.
Bug Bounty Radar // The latest bug bounty programs for June 2022
via "The Daily Swig".
New web targets for the discerning hacker
New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada
via "Dark Reading".
For the first time, CyberCatch's SMBVR detected significant vulnerability to 'session riding' attacks among North American SMBs.
Fewer DDoS Attacks in 2021, Still Above Pre-Pandemic Levels
via "Dark Reading".
New research finds a rise in TCP acknowledgement (ACK) DDoS attacks, which rely on a smaller amount of traffic to disrupt targets.
CVE-2022-29258
via "National Vulnerability Database".
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory.
CVE-2022-29243
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available.
CVE-2022-22361
via "National Vulnerability Database".
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.