ποΈ HackerOne employee stole data from bug bounty reports for financial gain ποΈ
π Read
via "The Daily Swig".
Vulnerability disclosure platform shares details of incidentπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
HackerOne employee stole data from bug bounty reports for financial gain
Vulnerability disclosure platform shares details of incident
π΄ Name That Edge Toon: On Guard π΄
π Read
via "Dark Reading".
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.π Read
via "Dark Reading".
Dark Reading
Name That Edge Toon: On Guard
Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card.
βΌ CVE-2022-33744 βΌ
π Read
via "National Vulnerability Database".
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33743 βΌ
π Read
via "National Vulnerability Database".
network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43702 βΌ
π Read
via "National Vulnerability Database".
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26365 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-33742 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-30289 βΌ
π Read
via "National Vulnerability Database".
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33740 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-33741 βΌ
π Read
via "National Vulnerability Database".
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).π Read
via "National Vulnerability Database".
βΌ CVE-2022-30290 βΌ
π Read
via "National Vulnerability Database".
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2304 βΌ
π Read
via "National Vulnerability Database".
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.π Read
via "National Vulnerability Database".
π΄ 3 Cyber Threats Resulting From Today's Technology Choices to Hit Businesses by 2024 π΄
π Read
via "Dark Reading".
Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.π Read
via "Dark Reading".
Dark Reading
3 Cyber Threats Resulting From Today's Technology Choices to Hit Businesses by 2024
Companies need to consider the cost to disengage from the cloud along with proactive risk management that looks at governance issues resulting from heavy use of low- and no-code tools.
β Canadian cybercriminal pleads guilty to βNetWalkerβ attacks in US β
π Read
via "Naked Security".
Bust in Canada, now bust in the USA as well.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π OpenSSL Toolkit 1.1.1q π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 1.1.1q β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π C Language Reverse Shell Generator π
π Read
via "Packet Storm Security".
This is a C language reverse shell generator that is written in Python.π Read
via "Packet Storm Security".
Packetstormsecurity
C Language Reverse Shell Generator β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π OpenSSL Toolkit 3.0.5 π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 3.0.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TripleCross Linux eBPF Rootkit π
π Read
via "Packet Storm Security".
TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 271, Pat Hogan at DEFCON 292, Guillaume Fournier and Sylvain Afchain also at DEFCON 293, and Kris NΓ³va's Boopkit4. The authors reuse and extend some of the techniques pioneered by these previous explorations of the offensive capabilities of eBPF technology.π Read
via "Packet Storm Security".
Packetstormsecurity
TripleCross Linux eBPF Rootkit β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ CWE Top 25: These are the most dangerous software weaknesses of 2022 ποΈ
π Read
via "The Daily Swig".
CISA and MITREβs latest CWE shakeup reveals the most severe threats impacting enterprise software todayπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CWE Top 25: These are the most dangerous software weaknesses of 2022
CISA and MITREβs latest CWE shakeup reveals the most severe threats impacting enterprise software today
β Google patches βin-the-wildβ Chrome zero-day β update now! β
π Read
via "Naked Security".
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π1
ποΈ Spring Data MongoDB hit by another critical SpEL injection flaw ποΈ
π Read
via "The Daily Swig".
Bug mirrors recent SpEL injection vulnerability that emerged alongside βSpringShellβ issueπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Spring Data MongoDB hit by another critical SpEL injection flaw
Bug mirrors recent SpEL injection vulnerability that emerged alongside βSpringShellβ issue