βΌ CVE-2022-23074 βΌ
π Read
via "National Vulnerability Database".
In Recipes, versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS), in the Γ’β¬ΛNameΓ’β¬β’ field of Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low privileged attacker will have the victim's API key and can lead to admin's account takeover.π Read
via "National Vulnerability Database".
β Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack β
π Read
via "Threat Post".
A reported a "potentially dangerous piece of functionality" allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive.π Read
via "Threat Post".
Threat Post
Office 365 Config Loophole Opens OneDrive, SharePoint Data to Ransomware Attack
A reported a "potentially dangerous piece of functionality" allows an attacker to launch an attack on cloud infrastructure and ransom files stored in SharePoint and OneDrive.
β Kazakh Govt. Used Spyware Against Protesters β
π Read
via "Threat Post".
Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.π Read
via "Threat Post".
Threat Post
Kazakh Govt. Used Spyware Against Protesters
Researchers have discovered that a Kazakhstan government entity deployed sophisticated Italian spyware within its borders.
π΄ 56 Vulnerabilities Discovered in OT Products From 10 Different Vendors π΄
π Read
via "Dark Reading".
Deep-dive study unearthed security flaws that could allow remote code execution, file manipulation, and malicious firmware uploads, among other badness.π Read
via "Dark Reading".
Dark Reading
56 Vulnerabilities Discovered in OT Products From 10 Different Vendors
Deep-dive study unearthed security flaws that could allow remote code execution, file manipulation, and malicious firmware uploads, among other badness.
π΄ AI Is Not a Security Silver Bullet π΄
π Read
via "Dark Reading".
AI can help companies more effectively identify and respond to threats, as well as harden applications.π Read
via "Dark Reading".
Dark Reading
AI Is Not a Security Silver Bullet
AI can help companies more effectively identify and respond to threats, as well as harden applications.
βΌ CVE-2022-33119 βΌ
π Read
via "National Vulnerability Database".
NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31373 βΌ
π Read
via "National Vulnerability Database".
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31302 βΌ
π Read
via "National Vulnerability Database".
maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32414 βΌ
π Read
via "National Vulnerability Database".
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31303 βΌ
π Read
via "National Vulnerability Database".
maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31306 βΌ
π Read
via "National Vulnerability Database".
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31374 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability /images/background/1.php in of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted php file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31307 βΌ
π Read
via "National Vulnerability Database".
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33139 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC WinCC OA V3.16 (All versions in default configuration), SIMATIC WinCC OA V3.17 (All versions in non-default configuration), SIMATIC WinCC OA V3.18 (All versions in non-default configuration). Affected applications use client-side only authentication, when neither server-side authentication (SSA) nor Kerberos authentication is enabled. In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated.π Read
via "National Vulnerability Database".
π΄ Reducing Risk With Zero Trust π΄
π Read
via "Dark Reading".
Zero trust isnβt just about authentication. Organizations can combine identity data with business awareness to address issues such as insider threat.π Read
via "Dark Reading".
Dark Reading
Reducing Risk With Zero Trust
Zero trust isnβt just about authentication. Organizations can combine identity data with business awareness to address issues such as insider threat.
ποΈ Jacuzzi customer details could be exposed by SmartTub web bugs, claims researcher ποΈ
π Read
via "The Daily Swig".
Iconic hot tub manufacturer addresses flaws that also apparently exposed numerous backend servicesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Jacuzzi customer details could be exposed by SmartTub web bugs, claims researcher
Iconic hot tub manufacturer addresses flaws that also apparently exposed numerous backend services
π OpenSSL Toolkit 1.1.1p π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 1.1.1p β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Wireshark Analyzer 3.6.6 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.6.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ BRATA Android Malware Evolves Into an APT π΄
π Read
via "Dark Reading".
The BRATA Android banking Trojan is evolving into a persistent threat with a new phishing technique and event-logging capabilities.π Read
via "Dark Reading".
Dark Reading
BRATA Android Malware Evolves Into an APT
The BRATA Android banking Trojan is evolving into a persistent threat with a new phishing technique and event-logging capabilities.
π΄ Evolving Beyond the Password: It's Time to Up the Ante π΄
π Read
via "Dark Reading".
While there's an immediate need to improve MFA adoption, it's also critical to move to more advanced and secure passwordless frameworks, including biometrics. (Part 1 of 2)π Read
via "Dark Reading".
Dark Reading
Evolving Beyond the Password: It's Time to Up the Ante
While there's an immediate need to improve MFA adoption, it's also critical to move to more advanced and secure passwordless frameworks, including biometrics. (Part 1 of 2)
β Modern IT Security Teamsβ Inevitable Need for Advanced Vulnerability Management β
π Read
via "Threat Post".
Traditional vulnerability management programs are outdated, with little to no innovation in the last two decades. Today's dynamic IT environment demands an advanced vulnerability management program to deal with the complex attack surface and curb security risks.π Read
via "Threat Post".
Threat Post
Modern IT Security Teamsβ Inevitable Need for Advanced Vulnerability Management
Today's modern attacks surface needs a reinvention in vulnerability management to deal with the rising cyberattacks.