🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2022-30275 ‼

The Motorola MOSCAD Toolbox software through 2022-05-02 relies on a cleartext password. It utilizes an MDLC driver to communicate with MOSCAD/ACE RTUs for engineering purposes. Access to these communications is protected by a password stored in cleartext in the wmdlcdrv.ini driver configuration file. In addition, this password is used for access control to MOSCAD/STS projects protected with the Legacy Password feature. In this case, an insecure CRC of the password is present in the project file: this CRC is validated against the password in the driver configuration file.

via "National Vulnerability Database".
‼ CVE-2022-29957 ‼

The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality.

via "National Vulnerability Database".
‼ CVE-2022-36129 ‼

HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect Access Control.

via "National Vulnerability Database".
⚠ Mild monthly security update from Firefox – but update anyway ⚠

You're probably thinking we're going to say, "Don't delay/Do it today"... and that's exactly what we are saying!

via "Naked Security".
β™ŸοΈ A Retrospective on the 2015 Ashley Madison Breach β™ŸοΈ

It's been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many AshleyMadison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of AshleyMadison mentions across Russian cybercrime forums and far-right underground websites in the months leading up to the hack revealed some previously unreported details that may deserve further scrutiny.

via "Krebs on Security".
‼ CVE-2022-34612 ‼

Rizin v0.4.0 and below was discovered to contain an integer overflow via the function get_long_object(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted binary.

via "National Vulnerability Database".
‼ CVE-2022-36880 ‼

The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.

via "National Vulnerability Database".
‼ CVE-2022-34594 ‼

Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text field.

via "National Vulnerability Database".
‼ CVE-2022-36879 ‼

An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice.

via "National Vulnerability Database".
‼ CVE-2022-34971 ‼

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file.

via "National Vulnerability Database".
‼ CVE-2022-34611 ‼

A cross-site scripting (XSS) vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac #" text field.

via "National Vulnerability Database".
πŸ—“οΈ Open-Xchange issues fixes for RCE, SSRF bugs in OX App Suite πŸ—“οΈ

Security release also includes precautionary patches for potential Log4j-like flaw in Logback library

via "The Daily Swig".
πŸ‘1
πŸ” What is the OSI Model? An Overview of the OSI Model's 7 Layers πŸ”

The OSI model includes seven layers that computer systems use to communicate over networks. Learn about the OSI Model layers and how they interact in this blog.

🕴 No More Ransom Helped More Than 1.5 Million People Decrypt Their Devices 🕴

via "Dark Reading".
🕴 8 Hot Summer Fiction Reads for Cybersecurity Pros 🕴

A reading list of recommended novels curated by cybersecurity experts for cybersecurity experts.

via "Dark Reading".
🕴 The Great BizApp Hack: Cyber-Risks in Your Everyday Business Applications 🕴

IT admins can lock some of the obvious open doors in business applications, but system visibility is key. Build automatic monitoring defenses and adopt a Git-like tool so you can "version" your business apps to restore prior states.

via "Dark Reading".
πŸ—“οΈ One in five data breaches due to software supply chain compromise, IBM report warns πŸ—“οΈ

Attack vector cost businesses 2.5% more in one year

via "The Daily Swig".
🕴 First Cohort Graduates from PSM Cyber Stars Program at Liverpool FC 🕴

New careers in IT open up for former footballers.

via "Dark Reading".
πŸ‘1
β€Ό CVE-2022-36898 β€Ό

A missing permission check in Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins.

via "National Vulnerability Database".
‼ CVE-2022-33970 ‼

Authenticated WordPress Options Change vulnerability in Biplob018 Shortcode Addons plugin <= 3.1.2 at WordPress.

via "National Vulnerability Database".
‼ CVE-2022-36886 ‼

A cross-site request forgery (CSRF) vulnerability in Jenkins External Monitor Job Type Plugin 191.v363d0d1efdf8 and earlier allows attackers to create runs of an external job.

via "National Vulnerability Database".