π΄ ReliaQuest Bolsters Extended Detection With Threat Intelligence π΄
π Read
via "Dark Reading".
ReliaQuest CTO Joe Partlow joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss extended detection response β and acquisition news.π Read
via "Dark Reading".
Darkreading
ReliaQuest Bolsters Extended Detection With Threat Intelligence
ReliaQuest CTO Joe Partlow joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss extended detection response β and acquisition news.
ποΈ Chinese cyber threat actors are widely abusing well-known attacks to infiltrate networks, CISA warns ποΈ
π Read
via "The Daily Swig".
APTs hammering unpatched vulnerabilitiesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Chinese cyber threat actors are widely abusing well-known attacks to infiltrate networks, CISA warns
APTs hammering unpatched vulnerabilities
ποΈ Formidable developer fights back against βcriticalβ CVE vulnerability assignment ποΈ
π Read
via "The Daily Swig".
βThis false accusation messed up the release of one of our services,β maintainer lamentsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Researcher defends Formidable in fight against βcriticalβ CVE vulnerability assignment
βThis false accusation messed up the release of one of our services,β security pro laments
π΄ Automox Adds Automation to Patching, Vuln Management π΄
π Read
via "Dark Reading".
Automox's Paul Zimski joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about automated patch management.π Read
via "Dark Reading".
Darkreading
Automox Adds Automation to Patching, Vuln Management
Automox's Paul Zimski joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about automated patch management.
π΄ Why AIs Will Become Hackers π΄
π Read
via "Dark Reading".
At a 2022 RSA Conference keynote, technologist Bruce Schneier asserted that artificial intelligence agents will start to hack human systems β and what that will mean for us.π Read
via "Dark Reading".
Dark Reading
Why AIs Will Become Hackers
At a 2022 RSA Conference keynote, technologist Bruce Schneier asserted that artificial intelligence agents will start to hack human systems β and what that will mean for us.
π΄ Uptycs: Observability Is Key to Cloud Security π΄
π Read
via "Dark Reading".
Uptycs' Ganesh Pai joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about cloud security and observability.π Read
via "Dark Reading".
Darkreading
Uptycs: Observability Is Key to Cloud Security
Uptycs' Ganesh Pai joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about cloud security and observability.
βΌ CVE-2022-31030 βΌ
π Read
via "National Vulnerability Database".
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1998 βΌ
π Read
via "National Vulnerability Database".
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31390 βΌ
π Read
via "National Vulnerability Database".
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31830 βΌ
π Read
via "National Vulnerability Database".
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23138 βΌ
π Read
via "National Vulnerability Database".
ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31393 βΌ
π Read
via "National Vulnerability Database".
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40961 βΌ
π Read
via "National Vulnerability Database".
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32272 βΌ
π Read
via "National Vulnerability Database".
OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31827 βΌ
π Read
via "National Vulnerability Database".
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2035 βΌ
π Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31386 βΌ
π Read
via "National Vulnerability Database".
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.π Read
via "National Vulnerability Database".
π΄ How AI Is Useful β and Not Useful β for Cybersecurity π΄
π Read
via "Dark Reading".
AI works best when security professionals and AI are complementing each other.π Read
via "Dark Reading".
Dark Reading
How AI Is Useful β and Not Useful β for Cybersecurity
AI works best when security professionals and AI are complementing each other.
π΄ Want Better Security? Up Your Collaboration Game π΄
π Read
via "Dark Reading".
BAE Systems' Peder Jungck joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the importance of collaboration.π Read
via "Dark Reading".
Darkreading
Want Better Security? Up Your Collaboration Game
BAE Systems' Peder Jungck joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the importance of collaboration.
π΄ Sophos: Keeping Tabs on the Bad Guys Using Threat Research π΄
π Read
via "Dark Reading".
Sophos' John Shier joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the ransomware problem.π Read
via "Dark Reading".
Darkreading
Sophos: Keeping Tabs on the Bad Guys Using Threat Research
Sophos' John Shier joins Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to discuss the ransomware problem.
π΄ Cisco Revamps Cloud Security Strategy With New Secure Access, SASE Portfolio π΄
π Read
via "Dark Reading".
The company's vision for the future of cloud security is based on simplified, horizontal coverage across multiple cloud platforms.π Read
via "Dark Reading".
Dark Reading
Cisco Revamps Cloud Security Strategy With New Secure Access, SASE Portfolio
The company's vision for the future of cloud security is based on simplified, horizontal coverage across multiple cloud platforms.
π1