CVE-2022-22453
via "National Vulnerability Database".
IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919.
DHS Review Board Deems Log4j an 'Endemic' Cyber Threat
via "Dark Reading".
The vulnerability will remain a "significant" threat for years to come and has highlighted the need for more public and private sector support for the open source software ecosystem, the Cyber Safety Review Board says.
New Phishing Kit Hijacks WordPress Sites for PayPal Scam
via "Dark Reading".
Attackers use scam security checks to steal victims' government documents, photos, banking information, and email passwords, researchers warn.
Bishop Fox Secures $75 Million in Growth Funding From Carrick Capital Partners
via "Dark Reading".
Offensive security leader continues to defy market and economic trends with record growth and recognized innovation.
CVE-2022-32415
via "National Vulnerability Database".
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=.
CVE-2022-34093
via "National Vulnerability Database".
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.
CVE-2022-34092
via "National Vulnerability Database".
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.
CVE-2022-32417
via "National Vulnerability Database".
PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.
CVE-2022-32425
via "National Vulnerability Database".
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time.
CVE-2022-32416
via "National Vulnerability Database".
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.
CVE-2022-32409
via "National Vulnerability Database".
A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.
CVE-2022-34094
via "National Vulnerability Database".
Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.
CVE-2022-2419
via "National Vulnerability Database".
A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used.
CVE-2022-1881
via "National Vulnerability Database".
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. This vulnerability only impacts projects within the same Space.
CVE-2022-2420
via "National Vulnerability Database".
A vulnerability was found in URVE Web Manager. It has been rated as critical. This issue affects some unknown processing of the file _internal/uploader.php. The manipulation leads to unrestricted upload. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used.
CVE-2022-29890
via "National Vulnerability Database".
In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.
CVE-2022-2418
via "National Vulnerability Database".
A vulnerability was found in URVE Web Manager. It has been classified as critical. This affects an unknown part of the file kreator.html5/img_upload.php. The manipulation leads to unrestricted upload. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used.
Friday Five 7/15
This week saw the conviction of a former CIA engineer, a brief takedown of Congress.gov, and news of a promising decline in ransomware. Read about all of this and more in this week's Friday Five!
Crunch time for EU web authentication plan as Mozilla launches campaign to protect status quo
via "The Daily Swig".
Mozilla's message to MEPs appears to be gaining traction, says senior public policy manager at the non-profit.
How Hackers Create Fake Personas for Social Engineering
via "Dark Reading".
And some ways to up your game for identifying fabricated online profiles of people who don't exist.
Fantasy Premier League football app introduces 2FA to tackle account takeover hacks
via "The Daily Swig".
Authentication controls added to defend against account hijack threat.