CVE-2020-27732
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none.
CVE-2021-41042
via "National Vulnerability Database".
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.
CVE-2019-19155
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none.
S3 Ep90: Chrome 0-day again, True Cybercrime, and a 2FA bypass [Podcast + Transcript]
via "Naked Security".
Listen now! Or read if you prefer...
Apache "Commons Configuration" toolkit patches Log4Shell-like bug
via "Naked Security".
It's a bit like Log4J, but for configuration files, not for logging.
CVE-2022-1245
via "National Vulnerability Database".
A privilege escalation flaw was found in the token exchange feature of Keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.
CVE-2021-41037
via "National Vulnerability Database".
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command line used to start the application, injecting things like agent or other settings that usually require particular attention in terms of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that configures such touchpoints. As a result, it is possible to install a unit that will run malicious code during installation without the user receiving any warning that this installation step is risky when it comes from an untrusted source.
U.S. Healthcare Orgs Targeted with Maui Ransomware
via "Threat Post".
State-sponsored actors are deploying the unique malware, which targets specific files and leaves no ransom note, in ongoing attacks.
ICYMI: Critical Cisco RCE Bug, Microsoft Breaks Down Hive, SHI Cyberattack
via "Dark Reading".
Dark Reading's digest of the other don't-miss stories of the week, including a new ransomware targeting QNAP gear, and a destructive attack against the College of the Desert that lingers on.
What Do All of Those Cloud Cybersecurity Acronyms Mean?
via "Dark Reading".
Acronyms serve as a gatekeeper: if you don't sling the lingo, you don't belong. So here's a quick guide to the letter salad of cloud cybersecurity.
CVE-2022-31290
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.
CVE-2022-28624
via "National Vulnerability Database".
A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross-site scripting (XSS). HPE has made the following software updates to resolve the vulnerability: HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635.
CVE-2022-32115
via "National Vulnerability Database".
An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.
CVE-2022-30852
via "National Vulnerability Database".
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).
CVE-2022-28623
via "National Vulnerability Database".
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities: HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.
CVE-2022-33011
via "National Vulnerability Database".
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.
Decentralized Identifiers: Everything you need to know about the next-gen web ID tech
via "The Daily Swig".
DID promises to give web users more control over their digital identities.
Zero Trust Bolsters Our National Defense Against Rising Cyber Threats
via "Dark Reading".
The Colonial Pipeline and JBS attacks, among others, showed us our national resilience is only as strong as public-private sector collaboration.
Sneaky Orbit Malware Backdoors Linux Devices
via "Threat Post".
The novel threat steals data and can affect all processes running on the OS, stealing information from different commands and utilities and then storing it on the affected machine.
Friday Five 7/8
In this week's Friday Five, read more about what Apple is doing to protect users against government-backed malware, why U.S. healthcare organizations should be on high alert, how threat actors are changing their tactics, and much more.
Coalition Closes $250 Million in Series F Funding, Valuing the Cyber Insurance Provider at $5 Billion
via "Dark Reading".
Funding from Allianz X, Valor Equity Partners, Kinetic Partners, and existing investors will accelerate Coalition's vision to provide security for all.