π΄ Feds Recoup $500K From Maui Ransomware Gang π΄
π Read
via "Dark Reading".
Law enforcement hopes that retuning ransom payments to impacted businesses will demonstrate that working with the feds following a cybersecurity breach is "good business."π Read
via "Dark Reading".
Dark Reading
Feds Recoup $500K From Maui Ransomware Gang
Law enforcement hopes that retuning ransom payments to impacted businesses will demonstrate that working with the feds following a cybersecurity breach is "good business."
π΄ Lax Security Fuels Massive 8220 Gang Botnet Army Surge π΄
π Read
via "Dark Reading".
The threat group 8220 Gang's cryptocurrency miner and botnet reach has exploded to 30,000 global hosts, a notable increase over the past month, researchers say.π Read
via "Dark Reading".
Dark Reading
Lax Security Fuels Massive 8220 Gang Botnet Army Surge
The threat group 8220 Gang's cryptocurrency miner and botnet reach has exploded to 30,000 global hosts, a notable increase over the past month, researchers say.
π΄ 'AIG' Threat Group Launches with Unique Business Model π΄
π Read
via "Dark Reading".
The rapidly growing Atlas Intelligence Group relies on cyber-mercenaries to carry out its missions.π Read
via "Dark Reading".
βΌ CVE-2022-29454 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload files. File attachment to messages must be activated.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38936 βΌ
π Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive information to a privileged user. IBM X-Force ID: 210893.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21405 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.unkπ Read
via "National Vulnerability Database".
βΌ CVE-2022-26138 βΌ
π Read
via "National Vulnerability Database".
The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. This user account is created when installing versions 2.7.34, 2.7.35, and 3.0.2 of the app.π Read
via "National Vulnerability Database".
βΌ CVE-2022-22424 βΌ
π Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36849 βΌ
π Read
via "National Vulnerability Database".
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RenΓΒ© Hermenau's Social Media Share Buttons plugin <= 3.8.1 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26137 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. Atlassian has confirmed and fixed the only known security issue associated with this vulnerability: Cross-origin resource sharing (CORS) bypass. Sending a specially crafted HTTP request can invoke the Servlet Filter used to respond to CORS requests, resulting in a CORS bypass. An attacker that can trick a user into requesting a malicious URL can access the vulnerable application with the victimΓ’β¬β’s permissions. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.π Read
via "National Vulnerability Database".
βΌ CVE-2021-29755 βΌ
π Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015.π Read
via "National Vulnerability Database".
βΌ CVE-2020-21406 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29923 βΌ
π Read
via "National Vulnerability Database".
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.4.1 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35569 βΌ
π Read
via "National Vulnerability Database".
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26136 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. The impact depends on which filters are used by each app, and how the filters are used. This vulnerability can result in authentication bypass and cross-site scripting. Atlassian has released updates that fix the root cause of this vulnerability, but has not exhaustively enumerated all potential consequences of this vulnerability. Atlassian Bamboo versions are affected before 8.0.9, from 8.1.0 before 8.1.8, and from 8.2.0 before 8.2.4. Atlassian Bitbucket versions are affected before 7.6.16, from 7.7.0 before 7.17.8, from 7.18.0 before 7.19.5, from 7.20.0 before 7.20.2, from 7.21.0 before 7.21.2, and versions 8.0.0 and 8.1.0. Atlassian Confluence versions are affected before 7.4.17, from 7.5.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and version 7.21.0. Atlassian Crowd versions are affected before 4.3.8, from 4.4.0 before 4.4.2, and version 5.0.0. Atlassian Fisheye and Crucible versions before 4.8.10 are affected. Atlassian Jira versions are affected before 8.13.22, from 8.14.0 before 8.20.10, and from 8.21.0 before 8.22.4. Atlassian Jira Service Management versions are affected before 4.13.22, from 4.14.0 before 4.20.10, and from 4.21.0 before 4.22.4.π Read
via "National Vulnerability Database".
π΄ Cybersecurity Professionals Push Their Organizations Toward Vendor Consolidation and Product Integration π΄
π Read
via "Dark Reading".
New global study from ESG and ISSA reveals nearly half of organizations are consolidating or plan on consolidating the number of vendors they do business withπ Read
via "Dark Reading".
Dark Reading
Cybersecurity Professionals Push Their Organizations Toward Vendor Consolidation and Product Integration
New global study from ESG and ISSA reveals nearly half of organizations are consolidating or plan on consolidating the number of vendors they do business with
βΌ CVE-2022-20877 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20860 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers.π Read
via "National Vulnerability Database".
βΌ CVE-2022-20874 βΌ
π Read
via "National Vulnerability Database".
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient validation of user fields within incoming HTTP packets. An attacker could exploit these vulnerabilities by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device with root-level privileges or to cause the device to restart unexpectedly, resulting in a DoS condition. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates that address these vulnerabilities.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31146 βΌ
π Read
via "National Vulnerability Database".
There is a bug in the Wasmtime's code generator, Cranelift, where functions using reference types may be incorrectly missing metadata required for runtime garbage collection. This means that if a GC happens at runtime then the GC pass will mistakenly think these functions do not have live references to GC'd values, reclaiming them and deallocating them. The function will then subsequently continue to use the values assuming they had not been GC'd, leading later to a use-after-free. This bug was introduced in the migration to the `regalloc2` register allocator that occurred in the Wasmtime 0.37.0 release on 2022-05-20. This bug has been patched and users should upgrade to Wasmtime version 0.38.2. Mitigations for this issue can be achieved by doing one of: * Disabling the reference types proposal by passing `false` to [`wasmtime::Config::wasm_reference_types`](https://docs.rs/wasmtime/0.38.0/wasmtime/struct.Config.html#method.wasm_reference_types). * Downgrading to Wasmtime 0.36.0 or prior.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31171 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-31159. Reason: This candidate is a reservation duplicate of CVE-2022-31159. Notes: All CVE users should reference CVE-2022-31159 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".