CVE-2021-33459
via "National Vulnerability Database".
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in nasm_parser_directive() in modules/parsers/nasm/nasm-parse.c.

CVE-2021-33458
via "National Vulnerability Database".
An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in find_cc() in modules/preprocs/nasm/nasm-pp.c.

FileWave MDM authentication bypass bugs expose managed devices to hijack risk
via "The Daily Swig".
"Vast majority" of users have updated systems thanks to vendor warnings

CVE-2022-35639
via "National Vulnerability Database".
IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932.

CVE-2022-1648
via "National Vulnerability Database".
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.

CVE-2022-36412
via "National Vulnerability Database".
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)

CVE-2022-22412
via "National Vulnerability Database".
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with access to the local host (client machine) to obtain a login access token. IBM X-Force ID: 223019.

CVE-2022-35286
via "National Vulnerability Database".
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230814.

Ducktail Spear-Phishing Campaign Uses LinkedIn to Hijack Facebook Business Accounts
via "Dark Reading".
Ducktail targets marketing and HR professionals through LinkedIn to hijack Facebook accounts and run malvertising schemes.

How Risk-Based Vulnerability Management Has Made Security Easier
via "Dark Reading".
Trying to remediate everything was never a winning strategy. RBVM is an approach that gets organizations better results with less effort.

Flying Blind in Security Operations
via "Dark Reading".
Too many organizations are STILL getting breached. Every day across large and small organizations, intrusions and breaches happen.

CVE-2022-1651
via "National Vulnerability Database".
A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.

CVE-2022-1671
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.

Novel Malware Hijacks Facebook Business Accounts
via "Threat Post".
Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain.

AI Can Help Fintechs Fight Fraud-as-a-Service
via "Dark Reading".
Artificial intelligence tools can help companies strike the right balance between preventing financial crime and maintaining customer service and satisfaction.

Discord, Telegram Services Hijacked to Launch Array of Cyberattacks
via "Dark Reading".
Attackers are easily turning popular messaging apps and their associated services (like bots, cloud infrastructure, and CDNs) against users, researchers warn.

Economic Downturn Raises Risk of Insiders Going Rogue
via "Dark Reading".
Insiders could become more vulnerable to cybercrime recruitment efforts, new report says.

LockBit 3.0: Significantly Improved Ransomware Helps the Gang Stay on Top
via "Dark Reading".
Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter.

Microsoft Tops Brands Phishers Prefer
via "Dark Reading".
Wide use of Microsoft 365 applications by business lets phishers easily launch data theft, BEC, ransomware, and other attacks, new report finds.

Norton Consumer Cyber Safety Pulse Report: Phishing for New Bait on Social Media
via "Dark Reading".
Year-long analysis from Norton Labs finds nearly three-quarters of phishing sites imitate Facebook.

Craig Newmark Gives UC Berkeley $2 Million for University Cybersecurity Clinics
via "Dark Reading".