Is Cryptocurrency's Crash Causing Headaches for Ransomware Gangs?
via "Dark Reading".
Bitcoin is down more than 70% from its highs late last year, causing disruptions for cybercriminals and the underground exchanges that fuel the dark markets.
Facebook 2FA scammers return - this time in just 21 minutes
via "Naked Security".
Last time they arrived 28 minutes after lighting up their fake domain... this time it was just 21 minutes
CVE-2022-1662
via "National Vulnerability Database".
In convert2rhel, there's an Ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. This could allow unauthorized local users to view the password via the process list while convert2rhel is running. However, this Ansible playbook is only an example in the upstream repository and it is not shipped in officially supported versions of convert2rhel.
CVE-2022-32215
via "National Vulnerability Database".
The llhttp parser in the http module in Node v17.6.0 does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).
CVE-2022-29593
via "National Vulnerability Database".
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP POST requests without the need for authentication or a valid signed/authorized request.
CVE-2022-32223
via "National Vulnerability Database".
Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and "C:\Program Files\Common Files\SSL\openssl.cnf" exists. Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory. After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows. It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.
CVE-2022-32210
via "National Vulnerability Database".
`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. This unexpectedly means that proxies can MitM all HTTPS traffic, and if the proxy's URL is HTTP then it also means that nominally HTTPS requests are actually sent via plain-text HTTP between Undici and the proxy server.
CVE-2022-32222
via "National Vulnerability Database".
A cryptographic vulnerability exists on Node.js on Linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.
CVE-2022-28876
via "National Vulnerability Database".
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker.
CVE-2022-32214
via "National Vulnerability Database".
The llhttp parser in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS).
CVE-2020-14127
via "National Vulnerability Database".
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by a heap overflow and can be exploited by attackers to cause a remote denial of service.
CVE-2022-32225
via "National Vulnerability Database".
A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. This vulnerability could be exploited by an attacker by convincing a legitimate user to visit a crafted URL on a Veeam Management Pack for Microsoft System Center server, allowing for the execution of arbitrary scripts.
CVE-2022-2393
via "National Vulnerability Database".
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
CVE-2022-32213
via "National Vulnerability Database".
The llhttp parser in the http module in Node.js v17.x does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).
CVE-2022-30024
via "National Vulnerability Database".
A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. This affects TL-WR841 V12 TL-WR841N(EU)_V12_160624 and TL-WR841 V11 TL-WR841N(EU)_V11_160325, TL-WR841N_V11_150616 and TL-WR841 V10 TL-WR841N_V10_150310 are also affected.
CVE-2022-32212
via "National Vulnerability Database".
An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.
S3 Ep91: CodeRed, OpenSSL, Java bugs and Office macros [Podcast + Transcript]
via "Naked Security".
Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.
CVE-2021-39016
via "National Vulnerability Database".
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. IBM X-Force ID: 213722.
CVE-2021-39015
via "National Vulnerability Database".
IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213655.
CVE-2021-39028
via "National Vulnerability Database".
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213866.
CVE-2022-22473
via "National Vulnerability Database".
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. This information could be used in further attacks against the system. IBM X-Force ID: 225347.