π OpenSSL Toolkit 1.1.1p π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 1.1.1p β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π Wireshark Analyzer 3.6.6 π
π Read
via "Packet Storm Security".
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.π Read
via "Packet Storm Security".
Packetstormsecurity
Wireshark Analyzer 3.6.6 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π΄ BRATA Android Malware Evolves Into an APT π΄
π Read
via "Dark Reading".
The BRATA Android banking Trojan is evolving into a persistent threat with a new phishing technique and event-logging capabilities.π Read
via "Dark Reading".
Dark Reading
BRATA Android Malware Evolves Into an APT
The BRATA Android banking Trojan is evolving into a persistent threat with a new phishing technique and event-logging capabilities.
π΄ Evolving Beyond the Password: It's Time to Up the Ante π΄
π Read
via "Dark Reading".
While there's an immediate need to improve MFA adoption, it's also critical to move to more advanced and secure passwordless frameworks, including biometrics. (Part 1 of 2)π Read
via "Dark Reading".
Dark Reading
Evolving Beyond the Password: It's Time to Up the Ante
While there's an immediate need to improve MFA adoption, it's also critical to move to more advanced and secure passwordless frameworks, including biometrics. (Part 1 of 2)
β Modern IT Security Teamsβ Inevitable Need for Advanced Vulnerability Management β
π Read
via "Threat Post".
Traditional vulnerability management programs are outdated, with little to no innovation in the last two decades. Today's dynamic IT environment demands an advanced vulnerability management program to deal with the complex attack surface and curb security risks.π Read
via "Threat Post".
Threat Post
Modern IT Security Teamsβ Inevitable Need for Advanced Vulnerability Management
Today's modern attacks surface needs a reinvention in vulnerability management to deal with the rising cyberattacks.
β Capital One identity theft hacker finally gets convicted β
π Read
via "Naked Security".
It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!π Read
via "Naked Security".
Naked Security
Capital One identity theft hacker finally gets convicted
It took three years, but the Capital One cracker was convicted in the end. Donβt get caught out in a data breach of your own!
βΌ CVE-2022-1833 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30874 βΌ
π Read
via "National Vulnerability Database".
There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23342 βΌ
π Read
via "National Vulnerability Database".
The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27870 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32973 βΌ
π Read
via "National Vulnerability Database".
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31786 βΌ
π Read
via "National Vulnerability Database".
IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29774 βΌ
π Read
via "National Vulnerability Database".
iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27869 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code.π Read
via "National Vulnerability Database".
βΌ CVE-2022-27868 βΌ
π Read
via "National Vulnerability Database".
A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33055 βΌ
π Read
via "National Vulnerability Database".
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33049 βΌ
π Read
via "National Vulnerability Database".
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33048 βΌ
π Read
via "National Vulnerability Database".
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32974 βΌ
π Read
via "National Vulnerability Database".
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29775 βΌ
π Read
via "National Vulnerability Database".
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1665 βΌ
π Read
via "National Vulnerability Database".
A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code.π Read
via "National Vulnerability Database".