π΄ FDA: Patch Illumina DNA Sequencing Instruments, Stat π΄
π Read
via "Dark Reading".
A critical security bug could lead to remote device control, altered lab results, and more, putting patients in danger, agency warns.π Read
via "Dark Reading".
Dark Reading
FDA: Patch Illumina DNA Sequencing Instruments, Stat
A critical security bug could lead to remote device control, altered lab results, and more, putting patients in danger, agency warns.
βΌ CVE-2022-29770 βΌ
π Read
via "National Vulnerability Database".
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43271 βΌ
π Read
via "National Vulnerability Database".
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.)π Read
via "National Vulnerability Database".
βΌ CVE-2022-29784 βΌ
π Read
via "National Vulnerability Database".
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29778 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-29773 βΌ
π Read
via "National Vulnerability Database".
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.π Read
via "National Vulnerability Database".
ποΈ Incoming! Atlassian Confluence attacks prompt calls for rapid patching ποΈ
π Read
via "The Daily Swig".
China suspected in assaults against enterprises running collaboration platformπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Incoming! Atlassian Confluence attacks prompt calls for rapid patching
China suspected in assaults against enterprises running collaboration platform
π΄ Name That Edge Toon: Hey, Batter Batter! π΄
π Read
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Edge Toon: Hey, Batter Batter!
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
π΄ Are You Ready for a Breach in Your Organization's Slack Workspace? π΄
π Read
via "Dark Reading".
A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels.π Read
via "Dark Reading".
Dark Reading
Are You Ready for a Breach in Your Organization's Slack Workspace?
A single compromised Slack account can easily be leveraged to deceive other users and gain additional access to other users and multiple Slack channels.
βΌ CVE-2021-42245 βΌ
π Read
via "National Vulnerability Database".
FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections.π Read
via "National Vulnerability Database".
ποΈ Unpatched bug chain poses βmass account takeoverβ threat to Yunmai weight monitoring app ποΈ
π Read
via "The Daily Swig".
User data related to at least 500,000 Android accounts at riskπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Unpatched bug chain poses βmass account takeoverβ threat to Yunmai weight monitoring app
User data related to at least 500,000 Android accounts at risk
π Falco 0.32.0 π
π Read
via "Packet Storm Security".
Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.π Read
via "Packet Storm Security".
Packetstormsecurity
Falco 0.32.0 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Zeek 4.2.2 π
π Read
via "Packet Storm Security".
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Zeek 4.2.2 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π₯1
π΄ The CISO Shortlist: Top Priorities at RSA 2022 π΄
π Read
via "Dark Reading".
The buzz on the show floor during RSA Conference is about aligning the organization's security priorities with the right technology. Will Lin, managing director and founding member at Forgepoint Capital, weighs in on the biggest security priorities for 2022 β and what kind of tech senior-level executives are looking for.π Read
via "Dark Reading".
Dark Reading
The CISO Shortlist: Top Priorities at RSAC 2022
The buzz on the show floor during RSA Conference is about aligning the organization's security priorities with the right technology. Will Lin, managing director and founding member at Forgepoint Capital, weighs in on the biggest security priorities for 2022β¦
π΄ Cybersecurity M&A Activity Shows No Signs of Slowdown π΄
π Read
via "Dark Reading".
But valuations have dropped β and investors are paying closer attention to revenues and profitability, industry analysts say.π Read
via "Dark Reading".
Dark Reading
Cybersecurity M&A Activity Shows No Signs of Slowdown
But valuations have dropped β and investors are paying closer attention to revenues and profitability, industry analysts say.
β Atlassian announces 0-day hole in Confluence Server β update now! β
π Read
via "Naked Security".
Zero-day announced - here's what you need to knowπ Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2022-30861 βΌ
π Read
via "National Vulnerability Database".
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41932 βΌ
π Read
via "National Vulnerability Database".
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30860 βΌ
π Read
via "National Vulnerability Database".
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30863 βΌ
π Read
via "National Vulnerability Database".
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.π Read
via "National Vulnerability Database".
π΄ IBM to Buy Attack Surface-Management Firm Randori π΄
π Read
via "Dark Reading".
Randoriβs attack surface management software to be integrated into IBM Security QRadar extended detection and response (XDR) features.π Read
via "Dark Reading".
Dark Reading
IBM to Buy Attack Surface-Management Firm Randori
Randoriβs attack-surface management software will be integrated into IBM Security QRadar extended detection and response (XDR) features.