βΌ CVE-2022-33736 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials.π Read
via "National Vulnerability Database".
π€1
βΌ CVE-2022-34285 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-050)π Read
via "National Vulnerability Database".
βΌ CVE-2022-29560 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33138 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34291 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains a stack corruption vulnerability while parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-057, FG-VD-22-058, FG-VD-22-060)π Read
via "National Vulnerability Database".
βΌ CVE-2022-34288 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files. An attacker could leverage this vulnerability to leak information in the context of the current process. (FG-VD-22-053)π Read
via "National Vulnerability Database".
βΌ CVE-2022-34289 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. This could allow an attacker to execute code in the context of the current process. (FG-VD-22-054)π Read
via "National Vulnerability Database".
βΌ CVE-2022-34821 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges.π Read
via "National Vulnerability Database".
β How War Impacts Cyber Insurance β
π Read
via "Threat Post".
Chris Hallenbeck, CISO for the Americas at Tanium, discusses the impact of geopolitical conflict on the cybersecurity insurance market.π Read
via "Threat Post".
Threat Post
How War Impacts Cyber Insurance
Chris Hallenbeck, CISO for the Americas at Tanium, discusses the impact of geopolitical conflict on the cybersecurity insurance market.
π2
π΄ Ransomware Scourge Drives Price Hikes in Cyber Insurance π΄
π Read
via "Dark Reading".
Cybersecurity insurance costs are rising, and insurers are likely to demand more direct access to organizational metrics and measures to make more accurate risk assessments.π Read
via "Dark Reading".
Dark Reading
Ransomware Scourge Drives Price Hikes in Cyber Insurance
Cybersecurity insurance costs are rising, and insurers are likely to demand more direct access to organizational metrics and measures to make more accurate risk assessments.
β Paying ransomware crooks wonβt reduce your legal risk, warns regulator β
π Read
via "Naked Security".
"We paid the crooks to keep things under control and make a bad thing better"... isn't a valid excuse. Who knew?π Read
via "Naked Security".
Naked Security
Paying ransomware crooks wonβt reduce your legal risk, warns regulator
βWe paid the crooks to keep things under control and make a bad thing betterββ¦ isnβt a valid excuse. Who knew?
ποΈ Take threats against machine learning systems seriously, security firm warns ποΈ
π Read
via "The Daily Swig".
A new white paper from NCC Group details the myriad security threats associated with machine learning modelsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Take threats against machine learning systems seriously, security firm warns
A new white paper from NCC Group details the myriad security threats associated with machine learning models
π΄ Accessible Cybersecurity Awareness Training Reduces Your Risk of Cyberattack π΄
π Read
via "Dark Reading".
If you're not teaching all of your employees proper security hygiene, you are leaving the door open to risk. Close that door by providing accessible training.π Read
via "Dark Reading".
Dark Reading
Accessible Cybersecurity Awareness Training Reduces Your Risk of Cyberattack
If you're not teaching all of your employees proper security hygiene, you are leaving the door open to risk. Close that door by providing accessible training.
π΄ How Confidential Computing Locks Down Data, Regardless of Its State π΄
π Read
via "Dark Reading".
Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments.π Read
via "Dark Reading".
Dark Reading
How Confidential Computing Locks Down Data, Regardless of Its State
Whether data's in motion, at rest, or in use, confidential computing makes moving workloads to the public cloud safer, and can enhance data security in other deployments.
β€1
π΄ Deloitte Launches Zero Trust Access, a New Managed Security Service π΄
π Read
via "Dark Reading".
.π Read
via "Dark Reading".
Dark Reading
Deloitte Launches Zero Trust Access, a New Managed Security Service
βΌ CVE-2022-2292 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35313 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2022-33702 βΌ
π Read
via "National Vulnerability Database".
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30752 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30755 βΌ
π Read
via "National Vulnerability Database".
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30751 βΌ
π Read
via "National Vulnerability Database".
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.π Read
via "National Vulnerability Database".