CVE-2017-20035
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2021-42811
via "National Vulnerability Database".
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed.
Separate Fujitsu cloud storage vulnerabilities could enable attackers to destroy virtual backups
via "The Daily Swig".
Sysadmins should update their installations immediately
In a Quickly Evolving Landscape, CISOs Shift Their 2022 Priorities
via "Dark Reading".
Cloud migration, DevSecOps, cyber insurance, and more have emerged as important motivators for cybersecurity investment and focus.
U.S. Water Utilities Prime Cyberattack Target, Experts
via "Threat Post".
Environmentalists and policymakers warn water treatment plants are ripe for attack.
How 4 Young Musicians Hacked Sheet Music to Help Fight the Cold War
via "Dark Reading".
In 1985, a group of klezmer musicians from the US rendezvoused with underground dissidents in Tbilisi, Georgia. This is the story of how they pulled it off with homebrew cryptography.
Artificial Intelligence and Security: What You Should Know
via "Dark Reading".
Next-generation AI products learn proactively and identify changes in the networks, users, and databases using "data drift" to adapt to specific threats as they evolve.
Friday Five 6/10
Read up on how Apple is getting ahead of the curve on security, how you could be targeted in a Facebook phishing scam, why a different type of cyberattack could surpass ransomware, and more all in this week's Friday Five!
CVE-2021-44582
via "National Vulnerability Database".
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.
CVE-2022-31788
via "National Vulnerability Database".
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname.
CVE-2021-44117
via "National Vulnerability Database".
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.
CVE-2022-32563
via "National Vulnerability Database".
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration.
CVE-2022-27502
via "National Vulnerability Database".
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.
IBM bolsters cyber security offerings with Randori acquisition
via "ITPro".
It plans to use the company's attack surface management and offensive security offerings to strengthen its cloud and AI capabilities
Double extortion ransomware pushes average payments close to $1 million
via "ITPro".
As the average payment approaches the landmark figure, experts reflect on times when the going rate was just $500
The hybrid work maturity framework
via "ITPro".
Your roadmap to trusted flexible working
The EU's Apple App Store crackdown 'will fuel cyber attacks'
via "ITPro".
Organisations should be encouraged to embrace the 'security by Playstation' approach as much as possible, expert says
Cyber security companies 'must remember who the enemies are'
via "ITPro".
Tech giants must collaborate more with the wider industry, WithSecure's CEO urges, as he lays bare European anxieties
Kaspersky Free review: Effective and lightweight – everything you want from a free antivirus solution
via "ITPro".
It'll be a real shame if politics means people missing out on this top-class security tool
Cyber criminals are spending longer inside business' networks after the initial breach
via "ITPro".
Cyber attackers' dwell time is up 36% thanks to initial access brokers and repeat exploitation of Microsoft Exchange vulnerabilities, according to Sophos
Kali Linux team announces free cyber security training delivered live on Twitch
via "ITPro".
The brand-new initiative is aimed at reaching more aspiring certified pen-testers through twice-weekly livestreamed lessons