π C Language Reverse Shell Generator π
π Read
via "Packet Storm Security".
This is a C language reverse shell generator that is written in Python.π Read
via "Packet Storm Security".
Packetstormsecurity
C Language Reverse Shell Generator β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π OpenSSL Toolkit 3.0.5 π
π Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.π Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 3.0.5 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
π TripleCross Linux eBPF Rootkit π
π Read
via "Packet Storm Security".
TripleCross is a Linux eBPF rootkit that demonstrates the offensive capabilities of the eBPF technology. TripleCross is inspired by previous implant designs in this area, notably the works of Jeff Dileo at DEFCON 271, Pat Hogan at DEFCON 292, Guillaume Fournier and Sylvain Afchain also at DEFCON 293, and Kris NΓ³va's Boopkit4. The authors reuse and extend some of the techniques pioneered by these previous explorations of the offensive capabilities of eBPF technology.π Read
via "Packet Storm Security".
Packetstormsecurity
TripleCross Linux eBPF Rootkit β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
ποΈ CWE Top 25: These are the most dangerous software weaknesses of 2022 ποΈ
π Read
via "The Daily Swig".
CISA and MITREβs latest CWE shakeup reveals the most severe threats impacting enterprise software todayπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
CWE Top 25: These are the most dangerous software weaknesses of 2022
CISA and MITREβs latest CWE shakeup reveals the most severe threats impacting enterprise software today
β Google patches βin-the-wildβ Chrome zero-day β update now! β
π Read
via "Naked Security".
Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
π1
ποΈ Spring Data MongoDB hit by another critical SpEL injection flaw ποΈ
π Read
via "The Daily Swig".
Bug mirrors recent SpEL injection vulnerability that emerged alongside βSpringShellβ issueπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Spring Data MongoDB hit by another critical SpEL injection flaw
Bug mirrors recent SpEL injection vulnerability that emerged alongside βSpringShellβ issue
βΌ CVE-2021-43116 βΌ
π Read
via "National Vulnerability Database".
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31836 βΌ
π Read
via "National Vulnerability Database".
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.π Read
via "National Vulnerability Database".
π΄ Google Chrome WebRTC Zero-Day Faces Active Exploitation π΄
π Read
via "Dark Reading".
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.π Read
via "Dark Reading".
Dark Reading
Google Chrome WebRTC Zero-Day Faces Active Exploitation
The heap buffer-overflow issue in Chrome for Android could be used for DoS, code execution, and more.
π΄ Why Browser Vulnerabilities Are a Serious Threat β and How to Minimize Your Risk π΄
π Read
via "Dark Reading".
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.π Read
via "Dark Reading".
Dark Reading
Why Browser Vulnerabilities Are a Serious Threat β and How to Minimize Your Risk
As a result of browser market consolidation, adversaries can focus on uncovering vulnerabilities in just two main browser engines.
βΌ CVE-2022-31770 βΌ
π Read
via "National Vulnerability Database".
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34879 βΌ
π Read
via "National Vulnerability Database".
Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34876 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34878 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-34877 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.π Read
via "National Vulnerability Database".
π’ NCSC concerned for UK cyber experts burning out over Russia-Ukraine cyber war π’
π Read
via "ITPro".
The nation's cyber authority has provided organisations with advice on how to deal with an extended period of heightened threatπ Read
via "ITPro".
IT PRO
NCSC concerned for UK cyber experts burning out over Russia-Ukraine cyber war | IT PRO
The nation's cyber authority has provided organisations with advice on how to deal with an extended period of heightened threat
π’ Cross-party MPs urge ban on two Chinese CCTV companies citing ethics and security concerns π’
π Read
via "ITPro".
Hikvision and Dahua are used by over 60% of UK public bodies, despite widespread criticism around alleged ties to crimes in Xinjiangπ Read
via "ITPro".
IT PRO
Cross-party MPs urge ban on two Chinese CCTV companies citing ethics and security concerns | IT PRO
Hikvision and Dahua are used by over 60% of UK public bodies, despite widespread criticism around alleged ties to crimes in Xinjiang
π1
π’ Six cyber security disruptors to watch in 2022 π’
π Read
via "ITPro".
The companies breaking new ground in data retention, software development, training, risk management, and automationπ Read
via "ITPro".
IT PRO
Six cyber security disruptors to watch in 2022 | IT PRO
The companies breaking new ground in data retention, software development, training, risk management, and automation
π’ Government and Deloitte-backed cyber security startup accelerator returns for second intake π’
π Read
via "ITPro".
The Cyber Runway accelerator is accepting its second cohort with its support programme placing special focus on sustainability and diversityπ Read
via "ITPro".
IT PRO
Government and Deloitte-backed cyber security startup accelerator returns for second intake | IT PRO
The Cyber Runway accelerator is accepting its second cohort with its support programme placing special focus on sustainability and diversity
βΌ CVE-2021-44915 βΌ
π Read
via "National Vulnerability Database".
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31014 βΌ
π Read
via "National Vulnerability Database".
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8 , 23.0.5 or 24.0.1. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".