‼ CVE-2017-20089 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31009 ‼
📖 Read
via "National Vulnerability Database".
wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The root cause was an unnecessary assert statement when converting an integer value into the corresponding enum value, causing an exception instead of a fallback to a default value. This issue is fixed in [wire-ios](https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb) and in Wire for iOS 3.100. There is no workaround available, but users may use other Wire clients (such as the [web app](https://app.wire.com)) to continue using Wire, or upgrade their client.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20087 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20088 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20091 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely.📖 Read
via "National Vulnerability Database".
‼ CVE-2017-20086 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely.📖 Read
via "National Vulnerability Database".
⚠ S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast] ⚠
📖 Read
via "Naked Security".
Latest epsiode - listen now!📖 Read
via "Naked Security".
Naked Security
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast + Transcript]
Latest epsiode – listen (or read) now!
🗓️ Splunk patches critical vulnerability while users push for legacy updates 🗓️
📖 Read
via "The Daily Swig".
Users call for security update back-port to support earlier versions📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Splunk patches critical vulnerability while users push for legacy updates
Users call for security update back-port to support earlier versions
👎1
‼ CVE-2022-34305 ‼
📖 Read
via "National Vulnerability Database".
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.📖 Read
via "National Vulnerability Database".
❌ Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug ❌
📖 Read
via "Threat Post".
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.📖 Read
via "Threat Post".
Threat Post
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
❤1
🕴 How APTs Are Achieving Persistence Through IoT, OT, and Network Devices 🕴
📖 Read
via "Dark Reading".
To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.📖 Read
via "Dark Reading".
Dark Reading
How APTs Are Achieving Persistence Through IoT, OT, and Network Devices
To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.
🗓️ Statutory defense for ethical hacking under UK Computer Misuse Act tabled 🗓️
📖 Read
via "The Daily Swig".
Amendment applies to bill related to 5G rollout and connected products📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Statutory defense for ethical hacking under UK Computer Misuse Act tabled
Amendment applies to bill related to 5G rollout and connected products
‼ CVE-2022-2175 ‼
📖 Read
via "National Vulnerability Database".
Buffer Over-read in GitHub repository vim/vim prior to 8.2.📖 Read
via "National Vulnerability Database".
🕴 Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS 🕴
📖 Read
via "Dark Reading".
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.📖 Read
via "Dark Reading".
Dark Reading
Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.
🕴 Reinventing How Farming Equipment Is Remotely Controlled and Tracked 🕴
📖 Read
via "Dark Reading".
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.📖 Read
via "Dark Reading".
Dark Reading
Reinventing How Farming Equipment Is Remotely Controlled and Tracked
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.
🕴 Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign 🕴
📖 Read
via "Dark Reading".
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.📖 Read
via "Dark Reading".
Dark Reading
Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.
🕴 The Rise, Fall, and Rebirth of the Presumption of Compromise 🕴
📖 Read
via "Dark Reading".
The concept might make us sharp and realistic, but it's not enough on its own.📖 Read
via "Dark Reading".
Dark Reading
The Rise, Fall, and Rebirth of the Presumption of Compromise
The concept might make us sharp and realistic, but it's not enough on its own.
🕴 Pair of Brand-New Cybersecurity Bills Become Law 🕴
📖 Read
via "Dark Reading".
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.📖 Read
via "Dark Reading".
Dark Reading
Pair of Brand-New Cybersecurity Bills Become Law
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.
🕴 ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities 🕴
📖 Read
via "Dark Reading".
ShiftLeft's Manesh Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."📖 Read
via "Dark Reading".
Darkreading
ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities
ShiftLeft's Manish Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."
‼ CVE-2022-34176 ‼
📖 Read
via "National Vulnerability Database".
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41432 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.📖 Read
via "National Vulnerability Database".