‼ CVE-2022-34305 ‼
📖 Read
via "National Vulnerability Database".
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.📖 Read
via "National Vulnerability Database".
❌ Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug ❌
📖 Read
via "Threat Post".
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.📖 Read
via "Threat Post".
Threat Post
Fancy Bear Uses Nuke Threat Lure to Exploit 1-Click Bug
The APT is pairing a known Microsoft flaw with a malicious document to load malware that nabs credentials from Chrome, Firefox and Edge browsers.
❤1
🕴 How APTs Are Achieving Persistence Through IoT, OT, and Network Devices 🕴
📖 Read
via "Dark Reading".
To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.📖 Read
via "Dark Reading".
Dark Reading
How APTs Are Achieving Persistence Through IoT, OT, and Network Devices
To prevent these attacks, businesses must have complete visibility into, and access and management over, disparate devices.
🗓️ Statutory defense for ethical hacking under UK Computer Misuse Act tabled 🗓️
📖 Read
via "The Daily Swig".
Amendment applies to bill related to 5G rollout and connected products📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Statutory defense for ethical hacking under UK Computer Misuse Act tabled
Amendment applies to bill related to 5G rollout and connected products
‼ CVE-2022-2175 ‼
📖 Read
via "National Vulnerability Database".
Buffer Over-read in GitHub repository vim/vim prior to 8.2.📖 Read
via "National Vulnerability Database".
🕴 Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS 🕴
📖 Read
via "Dark Reading".
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.📖 Read
via "Dark Reading".
Dark Reading
Palo Alto Networks Bolsters Its Cloud Native Security Offerings With Out-of-Band WAAS
Latest Prisma Cloud platform updates help organizations continuously monitor and secure web applications with maximum flexibility.
🕴 Reinventing How Farming Equipment Is Remotely Controlled and Tracked 🕴
📖 Read
via "Dark Reading".
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.📖 Read
via "Dark Reading".
Dark Reading
Reinventing How Farming Equipment Is Remotely Controlled and Tracked
Farmers are incorporating high-tech solutions like IoT and drones to address new challenges facing agriculture.
🕴 Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign 🕴
📖 Read
via "Dark Reading".
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.📖 Read
via "Dark Reading".
Dark Reading
Cyberattackers Abuse QuickBooks Cloud Service in 'Double-Spear' Campaign
Malicious invoices coming from the accounting software's legitimate domain are used to harvest phone numbers and carry out fraudulent credit-card transactions.
🕴 The Rise, Fall, and Rebirth of the Presumption of Compromise 🕴
📖 Read
via "Dark Reading".
The concept might make us sharp and realistic, but it's not enough on its own.📖 Read
via "Dark Reading".
Dark Reading
The Rise, Fall, and Rebirth of the Presumption of Compromise
The concept might make us sharp and realistic, but it's not enough on its own.
🕴 Pair of Brand-New Cybersecurity Bills Become Law 🕴
📖 Read
via "Dark Reading".
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.📖 Read
via "Dark Reading".
Dark Reading
Pair of Brand-New Cybersecurity Bills Become Law
Bipartisan legislation allows cybersecurity experts to work across multiple agencies and provides federal support for local governments.
🕴 ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities 🕴
📖 Read
via "Dark Reading".
ShiftLeft's Manesh Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."📖 Read
via "Dark Reading".
Darkreading
ShiftLeft: Focus On 'Attackability' To Better Prioritize Vulnerabilities
ShiftLeft's Manish Gupta join Dark Reading's Terry Sweeney at Dark Reading News Desk during RSA Conference to talk about looking at vulnerability management through the lens of "attackability."
‼ CVE-2022-34176 ‼
📖 Read
via "National Vulnerability Database".
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41432 ‼
📖 Read
via "National Vulnerability Database".
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32125 ‼
📖 Read
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33097 ‼
📖 Read
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33114 ‼
📖 Read
via "National Vulnerability Database".
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-26637 ‼
📖 Read
via "National Vulnerability Database".
There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34201 ‼
📖 Read
via "National Vulnerability Database".
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33094 ‼
📖 Read
via "National Vulnerability Database".
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34199 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-34189 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.📖 Read
via "National Vulnerability Database".