π΄ Managing Extended Software Supply Chain Risks π΄
π Read
via "Dark Reading".
Supply chain woes have dominated headlines, but there's another type of supply chain that's also increasingly at risk: the cloud supply chain.π Read
via "Dark Reading".
Dark Reading
Managing Extended Software Supply Chain Risks
Supply chain woes have dominated headlines, but there's another type of supply chain that's also increasingly at risk: the cloud supply chain.
βΌ CVE-2022-29235 βΌ
π Read
via "National Vulnerability Database".
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29234 βΌ
π Read
via "National Vulnerability Database".
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after the lock setting was enacted. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29233 βΌ
π Read
via "National Vulnerability Database".
BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29236 βΌ
π Read
via "National Vulnerability Database".
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds.π Read
via "National Vulnerability Database".
β Being prepared for adversarial attacks β
π Read
via "Threat Post".
There is no question that the level of threats facing todayβs businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Security Strategist & VP Global Threat Intelligence, Fortinetβs [β¦]π Read
via "Threat Post".
Threat Post
Being Prepared for Adversarial Attacks β Podcast
There is no question that the level of threats facing todayβs businesses continues to change on a daily basis. So what are the trends that CISOs need to be on the lookout for? For this episode of the Threatpost podcast, I am joined by Derek Manky, Chief Securityβ¦
ποΈ Insight: Russia is βfailingβ in its mission to destabilize Ukraineβs networks after a series of thwarted cyber-attacks ποΈ
π Read
via "The Daily Swig".
Speaking at WithSecureβs annual conference, Mikko HyppΓΆnen discussed the threat landscape between the two nationsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Insight: Russia is βfailingβ in its mission to destabilize Ukraineβs networks after a series of thwarted cyber-attacks
Speaking at WithSecureβs annual conference, Mikko HyppΓΆnen discussed the threat landscape between the two nations
β International Authorities Take Down Flubot Malware Network β
π Read
via "Threat Post".
The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.π Read
via "Threat Post".
Threat Post
International Authorities Take Down Flubot Malware Network
The info-stealing trojan used SMS messages and lifted contact credentials to spread with unprecedented speed across Android devices globally since December 2020.
β Scammers Target NFT Discord Channel β
π Read
via "Threat Post".
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.π Read
via "Threat Post".
Threat Post
Scammers Target NFT Discord Channel
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.
β Cybercriminals Expand Attack Radius and Ransomware Pain Points β
π Read
via "Threat Post".
Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks.π Read
via "Threat Post".
Threat Post
Cybercriminals Expand Attack Radius and Ransomware Pain Points
Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks.
π΄ Neutralizing Novel Trickbot Attacks With AI π΄
π Read
via "Dark Reading".
Artificial intelligence technology can detect the latest wave of Trickbot ransomware and block the attack before it causes damage.π Read
via "Dark Reading".
Dark Reading
Neutralizing Novel Trickbot Attacks With AI
Artificial intelligence technology can detect the latest wave of Trickbot ransomware and block the attack before it causes damage.
π1
π΄ Fighting Follina: Application Vulnerabilities and Detection Possibilities π΄
π Read
via "Dark Reading".
Although organizations should perform proper risk analysis and patch as soon as practical after there's a fix for this vulnerability, defenders still have options before that's released.π Read
via "Dark Reading".
Dark Reading
Fighting Follina: Application Vulnerabilities and Detection Possibilities
Although organizations should perform proper risk analysis and patch as soon as practical after there's a fix for this vulnerability, defenders still have options before that's released.
β Yet another zero-day (sort of) in Windows βsearch URLβ handling β
π Read
via "Naked Security".
More trouble with special-purpose URLs on Windows.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π΄ 'Clipminer' Malware Actors Steal $1.7 Million Using Clipboard Hijackingp π΄
π Read
via "Dark Reading".
The malware targets Windows users via Trojanized downloads of cracked or pirated software and then starts in on cryptocurrency mining and clipboard hijacking.π Read
via "Dark Reading".
Dark Reading
'Clipminer' Malware Actors Steal $1.7 Million Using Clipboard Hijacking
The malware targets Windows users via Trojanized downloads of cracked or pirated software and then starts in on cryptocurrency mining and clipboard hijacking.
β Yet another zero-day (sort of) in Windows βsearch URLβ handling β
π Read
via "Naked Security".
More trouble with special-purpose URLs on Windows.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β S3 Ep85: Now THATβS what I call a Microsoft Office exploit! [Podcast] β
π Read
via "Naked Security".
Latest episode - listen now!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-27780 βΌ
π Read
via "National Vulnerability Database".
The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-29653 βΌ
π Read
via "National Vulnerability Database".
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29659 βΌ
π Read
via "National Vulnerability Database".
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30819 βΌ
π Read
via "National Vulnerability Database".
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29711 βΌ
π Read
via "National Vulnerability Database".
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.π Read
via "National Vulnerability Database".