βΌ CVE-2022-30245 βΌ
π Read
via "National Vulnerability Database".
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36461 βΌ
π Read
via "National Vulnerability Database".
An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36553 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36552 βΌ
π Read
via "National Vulnerability Database".
Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.π Read
via "National Vulnerability Database".
β S3 Ep91: CodeRed, OpenSSL, Java bugs and Office macros [Podcast + Transcript] β
π Read
via "Naked Security".
Latest episode - listen now! Great discussion, technical content, solid advice... all covered in plain English.π Read
via "Naked Security".
Naked Security
S3 Ep91: CodeRed, OpenSSL, Java bugs, Office macros [Audio + Text]
Latest episode β listen now! Great discussion, technical content, solid adviceβ¦ all covered in plain English.
ποΈ More than 4,000 individualsβ medical data left exposed for 16 years ποΈ
π Read
via "The Daily Swig".
Private healthcare information was accessible since 2006π Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
More than 4,000 individualsβ medical data left exposed for 16 years
Private healthcare information was accessible since 2006
π΄ Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine π΄
π Read
via "Dark Reading".
Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the powerful hacking team.π Read
via "Dark Reading".
Dark Reading
Sandworm APT Trolls Researchers on Its Trail as It Targets Ukraine
Researchers who helped thwart the Russian nation-state group's recent attack on Ukraine's power supply will disclose at Black Hat USA what they found while reverse-engineering the powerful Industroyer2 malware used by the powerful hacking team.
β 7 cybersecurity tips for your summer vacation! β
π Read
via "Naked Security".
Here you go - seven thoughtful cybersecurity tips to help you travel safely...π Read
via "Naked Security".
Naked Security
7 cybersecurity tips for your summer vacation!
Here you go β seven thoughtful cybersecurity tips to help you travel safelyβ¦
β Emerging H0lyGh0st Ransomware Tied to North Korea β
π Read
via "Threat Post".
Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.π Read
via "Threat Post".
Threat Post
Emerging H0lyGh0st Ransomware Tied to North Korea
Microsoft has linked a threat that emerged in June 2021 and targets small-to-mid-sized businesses to state-sponsored actors tracked as DEV-0530.
βΌ CVE-2022-35409 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2020-35305 βΌ
π Read
via "National Vulnerability Database".
Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23141 βΌ
π Read
via "National Vulnerability Database".
ZXMP M721 has an information leak vulnerability. Since the serial port authentication on the ZBOOT interface is not effective although it is enabled, an attacker could use this vulnerability to log in to the device to obtain sensitive information.π Read
via "National Vulnerability Database".
π΄ Ex-CIA Programmer Found Guilty of Stealing Vault 7 Data, Giving It to Wikileaks π΄
π Read
via "Dark Reading".
Joshua Schulte has been convicted for his role in the Vault 7 Wikileaks data dump that exposed invasive US cyber intelligence tactics.π Read
via "Dark Reading".
Dark Reading
Ex-CIA Programmer Found Guilty of Stealing Vault 7 Data, Giving It to Wikileaks
Joshua Schulte has been convicted for his role in the Vault 7 Wikileaks data dump that exposed invasive US cyber intelligence tactics.
π΄ What Are the Risks of Employees Going on a 'Hybrid Holiday'? π΄
π Read
via "Dark Reading".
As more employees plan on taking a "hybrid holiday" β longer holidays with the intention of working remotely from the travel destination for part of that time β organizations have to consider the risks. The biggest one? Wi-Fi networks.π Read
via "Dark Reading".
Dark Reading
What Are the Risks of Employees Going on a 'Hybrid Holiday'?
As more employees plan on taking longer holidays and working remotely from the destination for part of that time, organizations have to consider the risks. Like Wi-Fi networks.
π΄ How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub π΄
π Read
via "Dark Reading".
Developers need to be cautious about whom they trust on GitHub because it's easy to establish fake credibility on the platform, security vendor warns.π Read
via "Dark Reading".
Dark Reading
How Attackers Could Dupe Developers into Downloading Malicious Code From GitHub
Developers need to be cautious about whom they trust on GitHub because it's easy to establish fake credibility on the platform, security vendor warns.
βΌ CVE-2022-34232 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34222 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34230 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34241 βΌ
π Read
via "National Vulnerability Database".
Adobe Character Animator version 4.4.7 (and earlier) and 22.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34234 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34215 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".