βΌ CVE-2021-33447 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in mjs (mJS: Restricted JavaScript engine), ES6 (JavaScript version 6). There is NULL pointer dereference in mjs_print() in mjs.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31879 βΌ
π Read
via "National Vulnerability Database".
Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34991 βΌ
π Read
via "National Vulnerability Database".
Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33465 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in expand_mmacro() in modules/preprocs/nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33450 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33459 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33458 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.π Read
via "National Vulnerability Database".
ποΈ FileWave MDM authentication bypass bugs expose managed devices to hijack risk ποΈ
π Read
via "The Daily Swig".
βVast majorityβ of users have updated systems thanks to vendor warningsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
FileWave MDM authentication bypass bugs expose managed devices to hijack risk
βVast majorityβ of users have updated systems thanks to vendor warnings
βΌ CVE-2022-35639 βΌ
π Read
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1648 βΌ
π Read
via "National Vulnerability Database".
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36412 βΌ
π Read
via "National Vulnerability Database".
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)π Read
via "National Vulnerability Database".
βΌ CVE-2022-22412 βΌ
π Read
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35286 βΌ
π Read
via "National Vulnerability Database".
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814.π Read
via "National Vulnerability Database".
π΄ Ducktail Spear-Phishing Campaign Uses LinkedIn to Hijack Facebook Business Accounts π΄
π Read
via "Dark Reading".
Ducktail targets marketing and HR professionals through LinkedIn to hijack Facebook accounts and run malvertising schemes.π Read
via "Dark Reading".
Dark Reading
Ducktail Spear-Phishing Campaign Uses LinkedIn to Hijack Facebook Business Accounts
Ducktail targets marketing and HR professionals through LinkedIn to hijack Facebook accounts and run malvertising schemes.
π΄ How Risk-Based Vulnerability Management Has Made Security Easier π΄
π Read
via "Dark Reading".
Trying to remediate everything was never a winning strategy. RBVM is an approach that gets organizations better results with less effort.π Read
via "Dark Reading".
Dark Reading
How Risk-Based Vulnerability Management Has Made Security Easier
Trying to remediate everything was never a winning strategy. RBVM is an approach that gets organizations better results with less effort.
π΄ Flying Blind in Security Operations π΄
π Read
via "Dark Reading".
Too many organizations are STILL getting breached. Every day across large and small organizations, intrusions and breaches happen.π Read
via "Dark Reading".
Dark Reading
Flying Blind in Security Operations
Too many organizations are STILL getting breached. Every day across large and small organizations, intrusions and breaches happen.
βΌ CVE-2022-1651 βΌ
π Read
via "National Vulnerability Database".
A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-1671 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.π Read
via "National Vulnerability Database".
β Novel Malware Hijacks Facebook Business Accounts β
π Read
via "Threat Post".
Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain.π Read
via "Threat Post".
Threat Post
Novel Malware Hijacks Facebook Business Accounts
Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain.
π΄ AI Can Help Fintechs Fight Fraud-as-a-Service π΄
π Read
via "Dark Reading".
Artificial intelligence tools can help companies strike the right balance between preventing financial crime and maintaining customer service and satisfaction.π Read
via "Dark Reading".
Dark Reading
AI Can Help Fintechs Fight Fraud-as-a-Service
Artificial intelligence tools can help companies strike the right balance between preventing financial crime and maintaining customer service and satisfaction.
π΄ Discord, Telegram Services Hijacked to Launch Array of Cyberattacks π΄
π Read
via "Dark Reading".
Attackers are easily turning popular messaging apps and their associated services β like bots, cloud infrastructure, and CDNs β against users, researchers warn.π Read
via "Dark Reading".
Dark Reading
Discord, Telegram Services Hijacked to Launch Array of Cyberattacks
Attackers are easily turning popular messaging apps and their associated services β like bots, cloud infrastructure, and CDNs β against users, researchers warn.