CVE-2022-27219
via "National Vulnerability Database".
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.
CVE-2022-22068
via "National Vulnerability Database".
Kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.
GhostTouch: Hackers can reach your phone’s touchscreen without even touching it
via "The Daily Swig".
New research shows how electromagnetic interference can be used to trigger arbitrary behavior on mobile touchscreens, although caveats apply
Understanding and Mitigating Single Sign-on Risk
via "Dark Reading".
SSO's one-to-many architecture is both a big advantage and a weakness.
CVE-2021-40678
via "National Vulnerability Database".
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.
CVE-2022-31273
via "National Vulnerability Database".
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie.
Oblivious DNS-over-HTTPS offers privacy enhancements to secure lookup protocol
via "The Daily Swig".
ODoH is said to enhance user privacy without compromising performance
LenelS2 access control vulnerabilities leave door open to lock manipulation
via "The Daily Swig".
Vendor addresses threat to integrity and availability of physical access systems
The Daily Swig | Cybersecurity news and views
HID Mercury access control vulnerabilities leave door open to lock manipulation
Manufacturer addresses threat to integrity and availability of products sold to more than 20 OEM vendors
Optiv MXDR Enhances Detection Coverage With Expanded Cloud Integration
via "Dark Reading".
Service ingests AWS, GCP and Microsoft Azure data.
CVE-2021-40660
via "National Vulnerability Database".
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack.
CVE-2022-32336
via "National Vulnerability Database".
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=.
CVE-2022-27889
via "National Vulnerability Database".
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
CVE-2022-31845
via "National Vulnerability Database".
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31309
via "National Vulnerability Database".
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31847
via "National Vulnerability Database".
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.
CVE-2022-31846
via "National Vulnerability Database".
A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31308
via "National Vulnerability Database".
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function.
CVE-2022-31311
via "National Vulnerability Database".
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.
You’re invited! Join us for a live walkthrough of the “Follina” story…
via "Naked Security".
Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Latest Chrome Update Resolves Four High Risk Vulnerabilities
Google has yet again updated Chrome to resolve multiple vulnerabilities in the browser, including four marked high severity.
Digital Guardian
How Can Security Partnerships Help to Mitigate the Increasing Cyber Threat?
via "Dark Reading".
Martyn Ryder from Morphean explains why forging trusted partnerships is integral to the future of physical security in a world of networks, systems, and the cloud.