ποΈ Tor Browser 11.5 release enables users to automatically circumvent censorship ποΈ
π Read
via "The Daily Swig".
New update addresses challenges faced by users in repressive countriesπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Tor Browser 11.5 release enables users to automatically circumvent censorship
New update addresses challenges faced by users in repressive countries
π΄ Protecting Against Kubernetes-Borne Ransomware π΄
π Read
via "Dark Reading".
The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended.π Read
via "Dark Reading".
Dark Reading
Protecting Against Kubernetes-Borne Ransomware
The conventional wisdom that virtual container environments were somehow immune from malware and hackers has been upended.
π΄ Enso Security Leads Industry Mission to Bring Control to Chaos With Community-Driven AppSec Map π΄
π Read
via "Dark Reading".
Builds personalization, posture scoring and enhanced market intelligence into interactive map of the application security ecosystem.π Read
via "Dark Reading".
Dark Reading
Enso Security Leads Industry Mission to Bring Control to Chaos With Community-Driven AppSec Map
Builds personalization, posture scoring and enhanced market intelligence into interactive map of the application security ecosystem.
π΄ GhangorCloud Announces CAPE, a Next Generation Unified Compliance and Data Privacy Enforcement Solution π΄
π Read
via "Dark Reading".
New CAPE platform delivers patented intelligent automation and enforcement of consumer data privacy mandates at lowest total cost of ownership.π Read
via "Dark Reading".
Dark Reading
GhangorCloud Announces CAPE, a Next Generation Unified Compliance and Data Privacy Enforcement Solution
New CAPE platform delivers patented intelligent automation and enforcement of consumer data privacy mandates at lowest total cost of ownership.
ποΈ βPassword extraction riskβ in identity provider Okta disputed ποΈ
π Read
via "The Daily Swig".
Researchers go public after vendor disputes impersonation threatπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
βPassword extraction riskβ in identity provider Okta disputed
Researchers go public after vendor disputes impersonation threat
π1
β FBI Warns Fake Crypto Apps are Bilking Investors of Millions β
π Read
via "Threat Post".
Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.π Read
via "Threat Post".
Threat Post
FBI Warns Fake Crypto Apps are Bilking Investors of Millions
Threat actors offer victims what appear to be investment services from legitimate companies to lure them into downloading malicious apps aimed at defrauding them.
β Authentication Risks Discovered in Okta Platform β
π Read
via "Threat Post".
Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.π Read
via "Threat Post".
Threat Post
Authentication Risks Discovered in Okta Platform
Four newly discovered attack paths could lead to PII exposure, account takeover, even organizational data destruction.
π΄ Unpatched GPS Tracker Security Bugs Threaten 1.5M Vehicles with Disruption π΄
π Read
via "Dark Reading".
A GPS device from MiCODUS has six security bugs that could allow attackers to monitor 1.5 million vehicles that use the tracker, or even remotely disable vehicles.π Read
via "Dark Reading".
Dark Reading
Unpatched GPS Tracker Security Bugs Threaten 1.5M Vehicles With Disruption
A GPS device from MiCODUS has six security bugs that could allow attackers to monitor 1.5 million vehicles that use the tracker, or even remotely disable vehicles.
βΌ CVE-2022-29060 βΌ
π Read
via "National Vulnerability Database".
A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 through 5.5.1, 5.4.0 through 5.4.2, 5.3.0 through 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2192 βΌ
π Read
via "National Vulnerability Database".
Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2453 βΌ
π Read
via "National Vulnerability Database".
Use After Free in GitHub repository gpac/gpac prior to 2.1-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24082 βΌ
π Read
via "National Vulnerability Database".
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26113 βΌ
π Read
via "National Vulnerability Database".
An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35405 βΌ
π Read
via "National Vulnerability Database".
Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)π Read
via "National Vulnerability Database".
βΌ CVE-2022-1984 βΌ
π Read
via "National Vulnerability Database".
This issue affects: HYPR Windows WFA versions prior to 7.2; Unsafe Deserialization vulnerability in HYPR Workforce Access (WFA) before version 7.2 may allow local authenticated attackers to elevate privileges via a malicious serialized payload.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32504 βΌ
π Read
via "National Vulnerability Database".
Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive informationΓ’β¬β’s to launch further attacks on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2454 βΌ
π Read
via "National Vulnerability Database".
Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30302 βΌ
π Read
via "National Vulnerability Database".
Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2193 βΌ
π Read
via "National Vulnerability Database".
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page. This issue affects: HYPR Server versions prior to 6.14.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30301 βΌ
π Read
via "National Vulnerability Database".
A path traversal vulnerability [CWE-22] in FortiAP-U CLI 6.2.0 through 6.2.3, 6.0.0 through 6.0.4, 5.4.0 through 5.4.6 may allow an admin user to delete and access unauthorized files and data via specifically crafted CLI commands.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29057 βΌ
π Read
via "National Vulnerability Database".
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints.π Read
via "National Vulnerability Database".