π’ Former Uber security chief to face fraud charges over hack coverup π’
π Read
via "ITPro".
This is thought to be the first instance of a corporate information security officer criminally charged with concealing a hackπ Read
via "ITPro".
IT PRO
Former Uber security chief to face fraud charges over hack coverup | IT PRO
This is thought to be the first instance of a corporate information security officer criminally charged with concealing a hack
π’ Atos to advance NATOβs cybersecurity systems π’
π Read
via "ITPro".
The deal covers 22 Nato bases and βupgrades to two key cybersecurity systemsπ Read
via "ITPro".
IT PRO
Atos to advance NATOβs cyber security systems | IT PRO
The deal covers 22 Nato bases and βupgrades to two key cyber security systems
π1
π’ Cyber security holds top spot in IT audit risk list π’
π Read
via "ITPro".
Privacy, data, and regulatory compliance are among other concerns facing IT audit departmentsπ Read
via "ITPro".
IT PRO
Cyber security holds top spot in IT audit risk list | IT PRO
Privacy, data, and regulatory compliance are among other concerns facing IT audit departments
βΌ CVE-2022-34835 βΌ
π Read
via "National Vulnerability Database".
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.π Read
via "National Vulnerability Database".
ποΈ Chromium browsers vulnerable to dangling markup injection ποΈ
π Read
via "The Daily Swig".
Fixed bug could allow attackers to extract sensitive informationπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Chromium browsers vulnerable to dangling markup injection
Fixed bug could allow attackers to extract sensitive information
βΌ CVE-2017-20121 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20122 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(Γ’β¬β’p').text(Γ’β¬β’HackedΓ’β¬β’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26135 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20123 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20125 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20124 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
β Firefox 102 fixes address bar spoofing security hole (and helps with Follina!) β
π Read
via "Naked Security".
Firefox squashes a bug that helped phishers, and brings its own helping hand to Microsoft's "Follina" saga.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β A Guide to Surviving a Ransomware Attack β
π Read
via "Threat Post".
Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.π Read
via "Threat Post".
Threat Post
A Guide to Surviving a Ransomware Attack
Oliver Tavakoli, CTO at Vectra AI, gives us hope that surviving a ransomware attack is possible, so long as we apply preparation and intentionality to our defense posture.
βΌ CVE-2021-40643 βΌ
π Read
via "National Vulnerability Database".
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default/usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail").π Read
via "National Vulnerability Database".
β S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript] β
π Read
via "Naked Security".
Latest episode - listen and read now! Use our advice to advise your own friends and family... let's all do our bit to stand up to scammers!π Read
via "Naked Security".
Naked Security
S3 Ep89: Sextortion, blockchain blunder, and an OpenSSL bugfix [Podcast + Transcript]
Latest episode β listen and read now! Use our advice to advise your own friends and familyβ¦ letβs all do our bit to stand up to scammers!
ποΈ OpenSea reveals email breach, blames employee at third-party vendor ποΈ
π Read
via "The Daily Swig".
All users who shared their email address with NFT marketplace told: βAssume you were impactedβπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
OpenSea among six organizations affected by email address leak by rogue employee at third-party vendor
All users who shared their email address with NFT marketplace told: βAssume you were impactedβ
βΌ CVE-2013-4146 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2078 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40663 βΌ
π Read
via "National Vulnerability Database".
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').π Read
via "National Vulnerability Database".
βΌ CVE-2022-1852 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernelΓ’β¬β’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33043 βΌ
π Read
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file.π Read
via "National Vulnerability Database".