🛡 Cybersecurity & Privacy 🛡 - News
25.8K subscribers
89.2K links
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
🕴 Huntress Acquires Curricula for $22M to Disrupt Security Training Market, Elevate Cyber Readiness for SMB Employees 🕴

The Curricula platform uses behavioral science with a simplified approach to train and educate users — and marks another step forward in Huntress' mission to secure the 99%.

via "Dark Reading".
🕴 Will Your Cyber-Insurance Premiums Protect You in Times of War? 🕴

Multiple cyber-insurance carriers have adopted act-of-war exclusions due to global political instability and are seeking to stretch the definition of war to deny coverage.

via "Dark Reading".
🕴 Okta Exposes Passwords in Clear Text for Possible Theft 🕴

Researchers say Okta could allow attackers to easily exfiltrate passwords, impersonate other users, and alter logs to cover their tracks.

via "Dark Reading".
‼ CVE-2022-34001 ‼

Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously.

via "National Vulnerability Database".
‼ CVE-2022-27545 ‼

BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page.

via "National Vulnerability Database".
‼ CVE-2022-27544 ‼

BigFix Web Reports authorized users may see SMTP credentials in clear text.

via "National Vulnerability Database".
‼ CVE-2022-22359 ‼

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220652.

via "National Vulnerability Database".
‼ CVE-2022-22417 ‼

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223127.

via "National Vulnerability Database".
‼ CVE-2022-22358 ‼

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 220651.

via "National Vulnerability Database".
‼ CVE-2022-34023 ‼

Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /officials/officials.php.

via "National Vulnerability Database".
‼ CVE-2022-22360 ‼

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability, which could result in granting permission to unauthorized resources. IBM X-Force ID: 220782.

via "National Vulnerability Database".
‼ CVE-2022-22416 ‼

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 223126.

via "National Vulnerability Database".
‼ CVE-2022-35912 ‼

In grails-databinding in Grails before 3.3.15, 4.x before 4.1.1, 5.x before 5.1.9, and 5.2.x before 5.2.1 (at least when certain Java 8 configurations are used), data binding allows a remote attacker to execute code by gaining access to the class loader.

via "National Vulnerability Database".
‼ CVE-2022-2469 ‼

GNU SASL libgsasl: server-side out-of-bounds read with a malicious authenticated GSS-API client.

via "National Vulnerability Database".
‼ CVE-2022-27580 ‼

A deserialization vulnerability in a .NET framework class used and not properly checked by Safety Designer in all versions up to and including 1.11.0 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Safety Designer. This compromises confidentiality, integrity and availability. For the attack to succeed, a user must manually open a malicious project file.

via "National Vulnerability Database".
‼ CVE-2022-27579 ‼

A deserialization vulnerability in a .NET framework class used and not properly checked by Flexi Soft Designer in all versions up to and including 1.9.4 SP1 allows an attacker to craft malicious project files. Opening/importing such a malicious project file would execute arbitrary code with the privileges of the current user when opened or imported by the Flexi Soft Designer. This compromises confidentiality, integrity and availability. For the attack to succeed, a user must manually open a malicious project file.

via "National Vulnerability Database".
🕴 Startup Aims to Secure AI, Machine Learning Development 🕴

With security experts warning against attacks on machine learning models and data, startup HiddenLayer aims to protect the neural networks powering AI-augmented products.

via "Dark Reading".
🕴 Post-Breakup, Conti Ransomware Members Remain Dangerous 🕴

The gang's members have moved into different criminal activities, and could regroup once law-enforcement attention has simmered down a bit, researchers say.

via "Dark Reading".
‼ CVE-2022-34024 ‼

Barangay Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the resident module editing function at /bmis/pages/resident/resident.php.

via "National Vulnerability Database".
‼ CVE-2022-34169 ‼

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.

via "National Vulnerability Database".
‼ CVE-2022-36305 ‼

Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.

via "National Vulnerability Database".