CVE-2022-31205
via "National Vulnerability Database".
In Omron CS series, CJ series, and CP series PLCs through 2022-05-18, the password for access to the Web UI is stored in memory area D1449...D1452 and can be read out using the Omron FINS protocol without any further authentication.
CVE-2022-30273
via "National Vulnerability Database".
The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm (TEA) block-cipher in ECB mode. This mode of operation does not offer message integrity and offers reduced confidentiality above the block level, as demonstrated by an ECB Penguin attack against any block ciphers.
CVE-2022-31204
via "National Vulnerability Database".
Omron CS series, CJ series, and CP series PLCs through 2022-05-18 use cleartext passwords. They feature a UM Protection setting that allows users or system integrators to configure a password in order to restrict sensitive engineering operations (such as project/logic uploads and downloads). This password is set using the OMRON FINS command Program Area Protect and unset using the command Program Area Protect Clear, both of which are transmitted in cleartext.
CVE-2022-29963
via "National Vulnerability Database".
The Emerson DeltaV Distributed Control System (DCS) controllers and IO cards through 2022-04-29 misuse passwords. TELNET on port 18550 provides access to a root shell via hardcoded credentials. This affects S-series, P-series, and CIOC/EIOC nodes. NOTE: this is different from CVE-2014-2350.
CVE-2022-30275
via "National Vulnerability Database".
The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file.
CVE-2022-29957
via "National Vulnerability Database".
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.
CVE-2022-36129
via "National Vulnerability Database".
HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect Access Control.
Mild monthly security update from Firefox, but update anyway
via "Naked Security".
You're probably thinking we're going to say, "Don't delay/Do it today"... and that's exactly what we are saying!
A Retrospective on the 2015 Ashley Madison Breach
via "Krebs on Security".
It's been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many AshleyMadison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of AshleyMadison mentions across Russian cybercrime forums and far-right underground websites in the months leading up to the hack revealed some previously unreported details that may deserve further scrutiny.
CVE-2022-34612
via "National Vulnerability Database".
Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary.
CVE-2022-36880
via "National Vulnerability Database".
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
CVE-2022-34594
via "National Vulnerability Database".
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field.
CVE-2022-36879
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.
CVE-2022-34971
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-34611
via "National Vulnerability Database".
A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field.
Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite
via "The Daily Swig".
Security release also includes precautionary patches for potential Log4j-like flaw in Logback library
What is the OSI Model? An Overview of the OSI Model's 7 Layers
via "Digital Guardian".
The OSI model includes seven layers that computer systems use to communicate over networks. Learn about the OSI Model layers and how they interact in this blog.
No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices
via "Dark Reading".
8 Hot Summer Fiction Reads for Cybersecurity Pros
via "Dark Reading".
A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts.
The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications
via "Dark Reading".
IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.
One in five data breaches due to software supply chain compromise, IBM report warns
via "The Daily Swig".
Attack vector cost businesses 2.5% more in one year