GNU Privacy Guard 2.3.7
via "Packet Storm Security".
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
Post-quantum cryptography hits standardization milestone
via "The Daily Swig".
Green light for four 'future-proofed' encryption technologies
Omdia: Sustainability Ranks Top on Data Center Operators' Agendas Despite Cost and Reliability Barriers
via "Dark Reading".
PyPI repo to distribute 4,000 security keys to maintainers of 'critical projects' in 2FA drive
via "The Daily Swig".
Google is providing Titan Security Keys to maintainers of projects in top 1% of downloads
CVE-2022-31138
via "National Vulnerability Database".
mailcow is a mailserver suite. Prior to mailcow-dockerized version 2022-06a, an extended privilege vulnerability can be exploited by manipulating the custom parameters regexmess, skipmess, regexflag, delete2foldersonly, delete2foldersbutnot, regextrans2, pipemess, or maxlinelengthcmd to execute arbitrary code. Users should update their mailcow instances with the `update.sh` script in the mailcow root directory to 2022-06a or newer to receive a patch for this issue. As a temporary workaround, the Syncjob ACL can be removed from all mailbox users, preventing changes to those settings.
Online Payment Fraud Expected to Cost $343B Over Next 5 Years
via "Dark Reading".
Fraudster innovation will continue to drive successful phishing, business email compromise, and socially engineered attacks, researchers say.
CVE-2020-4138
via "National Vulnerability Database".
IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 174049.
CVE-2020-4150
via "National Vulnerability Database".
IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142.
Popular NFT Marketplace Phished for $540M
via "Threat Post".
In March, a North Korean APT siphoned blockchain gaming platform Axie Infinity of $540M.
Rethinking Vulnerability Management in a Heightened Threat Landscape
via "Threat Post".
Find out why a vital component of vulnerability management needs to be the capacity to prioritize from Mariano Nunez, CEO of Onapsis and Threatpost Infosec Insiders columnist.
'Luna Moth' Group Ransoms Data Without the Ransomware
via "Dark Reading".
Unsophisticated campaigns use off-the-shelf RATs and other tools to exfiltrate data and demand a ransom to keep it private.
CVE-2020-35169
via "National Vulnerability Database".
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
CVE-2022-31074
via "National Vulnerability Database".
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, several endpoints in the Cloud AdmissionController may be susceptible to a DoS attack if an HTTP request containing a very large Body is sent to it. The consequence of the exhaustion is that the Cloud AdmissionController will be in denial of service. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. There is currently no known workaround.
CVE-2022-31078
via "National Vulnerability Database".
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, the CloudCore Router does not impose a limit on the size of responses to requests made by the REST handler. An attacker could use this weakness to make a request that will return an HTTP response with a large body and cause DoS of CloudCore. In the HTTP Handler API, the rest handler makes a request to a pre-specified handle. The handle will return an HTTP response that is then read into memory. The consequence of the exhaustion is that CloudCore will be in a denial of service. Only an authenticated user of the cloud can make an attack. It will be affected only when users enable `router` module in the config file `cloudcore.yaml`. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. As a workaround, disable the router switch in the config file `cloudcore.yaml`.
CVE-2020-29508
via "National Vulnerability Database".
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
CVE-2020-29506
via "National Vulnerability Database".
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
CVE-2020-29507
via "National Vulnerability Database".
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
CVE-2022-31075
via "National Vulnerability Database".
KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. Prior to versions 1.11.1, 1.10.2, and 1.9.4, EdgeCore may be susceptible to a DoS attack on CloudHub if an attacker was to send a well-crafted HTTP request to `/edge.crt`. If an attacker can send a well-crafted HTTP request to CloudHub, and that request has a very large body, that request can crash the HTTP service through a memory exhaustion vector. The request body is being read into memory, and a body that is larger than the available memory can lead to a successful attack. Because the request would have to make it through authorization, only authorized users may perform this attack. The consequence of the exhaustion is that CloudHub will be in denial of service. KubeEdge is affected only when users enable the CloudHub module in the file `cloudcore.yaml`. This bug has been fixed in Kubeedge 1.11.1, 1.10.2, and 1.9.4. As a workaround, disable the CloudHub switch in the config file `cloudcore.yaml`.
CVE-2020-35164
via "National Vulnerability Database".
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
CVE-2022-31140
via "National Vulnerability Database".
Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use `Throwable#getMessage()` when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database connection exception showing database IP address/username/password, or a timeout detail / out of memory detail. Attackers could use this information for potential data exfiltration, denial of service attacks, enumeration attacks, etc. Version 0.12.0 contains a patch for this vulnerability.
CVE-2020-35168
via "National Vulnerability Database".
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.