CVE-2022-2252
via "National Vulnerability Database".
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
CVE-2022-30192
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639.
Global Socket 1.4.36
via "Packet Storm Security".
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
Leaky Access Tokens Exposed Amazon Photos of Users
via "Threat Post".
Hackers with Amazon users’ authentication tokens could’ve stolen or encrypted personal photos and documents.
CVE-2022-30467
via "National Vulnerability Database".
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF.
CVE-2021-40597
via "National Vulnerability Database".
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password.
FCC commissioner urges Apple and Google to remove TikTok from app stores
via "ITPro".
This comes after it emerged that TikTok’s owners in Beijing have repeatedly accessed sensitive data collected from US citizens
Former Uber security chief to face fraud charges over hack coverup
via "ITPro".
This is thought to be the first instance of a corporate information security officer criminally charged with concealing a hack
Atos to advance NATO’s cybersecurity systems
via "ITPro".
The deal covers 22 Nato bases and upgrades to two key cybersecurity systems
Cyber security holds top spot in IT audit risk list
via "ITPro".
Privacy, data, and regulatory compliance are among other concerns facing IT audit departments
CVE-2022-34835
via "National Vulnerability Database".
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
Chromium browsers vulnerable to dangling markup injection
via "The Daily Swig".
Fixed bug could allow attackers to extract sensitive information
CVE-2017-20121
via "National Vulnerability Database".
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2017-20122
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-26135
via "National Vulnerability Database".
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.
CVE-2017-20123
via "National Vulnerability Database".
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2017-20125
via "National Vulnerability Database".
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20124
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Firefox 102 fixes address bar spoofing security hole (and helps with Follina!)
via "Naked Security".
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.
A Guide to Surviving a Ransomware Attack
via "Threat Post".
Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.
CVE-2021-40643
via "National Vulnerability Database".
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default /usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail").