ποΈ W3C launches Decentralized Identifiers as a web standard ποΈ
π Read
via "The Daily Swig".
DID has been designed to give users and organizations greater security and privacyπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
W3C launches Decentralized Identifiers as a web standard
DID has been designed to give users and organizations greater security and privacy
βΌ CVE-2022-36321 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some casesπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2489 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Simple E-Learning System 1.0. It has been rated as critical. This issue affects some unknown processing of the file classRoom.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x6770715a WHERE 8795=8795 AND (SELECT 8342 FROM(SELECT COUNT(*),CONCAT(0x7171786b71,(SELECT (ELT(8342=8342,1))),0x717a7a7671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2487 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in WAVLINK WN535K2 and WN535K3 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/nightled.cgi. The manipulation of the argument start_hour leads to os command injection. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2492 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in SourceCodester Library Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument RollNo with the input admin' AND (SELECT 2625 FROM (SELECT(SLEEP(5)))MdIL) AND 'KXmq'='KXmq&Password=1231312312 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24660 βΌ
π Read
via "National Vulnerability Database".
The debug interface of Goldshell ASIC Miners v2.2.1 and below was discovered to be exposed publicly on the web interface, allowing attackers to access passwords and other sensitive information in plaintext.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31858 βΌ
π Read
via "National Vulnerability Database".
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2488 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in WAVLINK WN535K2 and WN535K3 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/touchlist_sync.cgi. The manipulation of the argument IP leads to os command injection. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2486 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in WAVLINK WN535K2 and WN535K3. This affects an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade. The manipulation of the argument key leads to os command injection. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-2490 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in SourceCodester Simple E-Learning System 1.0. Affected is an unknown function of the file search.php. The manipulation of the argument classCode with the input 1'||(SELECT 0x74666264 WHERE 5610=5610 AND (SELECT 7504 FROM(SELECT COUNT(*),CONCAT(0x7171627a71,(SELECT (ELT(7504=7504,1))),0x71717a7071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a))||' leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24659 βΌ
π Read
via "National Vulnerability Database".
Goldshell ASIC Miners v2.2.1 and below was discovered to contain a path traversal vulnerability which allows unauthenticated attackers to retrieve arbitrary files from the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36322 βΌ
π Read
via "National Vulnerability Database".
In JetBrains TeamCity before 2022.04.2 build parameter injection was possibleπ Read
via "National Vulnerability Database".
βΌ CVE-2022-2491 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in SourceCodester Library Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file lab.php. The manipulation of the argument Section with the input 1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x71716b7171,0x546e4444736b7743575a666d4873746a6450616261527a67627944426946507245664143694c6a4c,0x7162706b71),NULL,NULL,NULL,NULL# leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24657 βΌ
π Read
via "National Vulnerability Database".
Goldshell ASIC Miners v2.1.x was discovered to contain hardcoded credentials which allow attackers to remotely connect via the SSH protocol (port 22).π Read
via "National Vulnerability Database".
π΄ How to Mitigate the Risk of Karakurt Data Extortion Group's Tactics, Techniques, and Procedures π΄
π Read
via "Dark Reading".
The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.π Read
via "Dark Reading".
Dark Reading
How to Mitigate the Risk of Karakurt Data Extortion Group's Tactics, Techniques, and Procedures
The group has become the new face of ransomware, taking advantage of vulnerabilities and poor encryption.
π’ Flipkartβs Cleartrip suffers βmassiveβ data breach π’
π Read
via "ITPro".
The Indian online travel company notified customers yesterday of the breach which seems to have taken place between April and May 2022π Read
via "ITPro".
IT PRO
Flipkartβs Cleartrip suffers βmassiveβ data breach | IT PRO
The Indian online travel company notified customers yesterday of the breach which seems to have taken place between April and May 2022
π’ Chinese authorities to fine Didi $1 billion following cyber security review π’
π Read
via "ITPro".
The ride-hailing company will also reportedly be allowed to list its app on domestic app stores once againπ Read
via "ITPro".
IT PRO
Chinese authorities to fine Didi $1 billion following cyber security review | IT PRO
The ride-hailing company will also reportedly be allowed to list its app on domestic app stores once again
π’ Meta begins encrypting Facebook URLs, nullifying tracking countermeasures π’
π Read
via "ITPro".
The move has made URL stripping impossible but will improve analyticsπ Read
via "ITPro".
IT PRO
Meta begins encrypting Facebook URLs, nullifying tracking countermeasures | IT PRO
The move has made URL stripping impossible but will improve analytics
π’ Chrome vs Firefox vs Microsoft Edge π’
π Read
via "ITPro".
We put the web's three most popular browsers head-to-head to find out which one is the best browser of them allπ Read
via "ITPro".
ITPro
Best web browsers 2023: Firefox vs Google Chrome vs Microsoft Edge
Firefox vs Chrome vs Edge - discover which comes out on top in the ultimate battle to crown the very best browser
π’ CISA chooses London for its first-ever overseas office π’
π Read
via "ITPro".
Within hours of the US' announcement, the EU also said it would be going the other way and opening its first west-coast office to tackle digital diplomacyπ Read
via "ITPro".
ITPro
CISA chooses London for its first-ever overseas office
Within hours of the US' announcement, the EU also said it would be going the other way and opening its first west-coast office to tackle digital diplomacy
β 8 months on, US says Log4Shell will be around for βa decade or longerβ β
π Read
via "Naked Security".
When it comes to cybersecurity, ask not what everyone else can do for you...π Read
via "Naked Security".
Naked Security
8 months on, US says Log4Shell will be around for βa decade or longerβ
When it comes to cybersecurity, ask not what everyone else can do for youβ¦