β Messaging Apps Tapped as Platform for Cybercriminal Activity β
π Read
via "Threat Post".
Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.π Read
via "Threat Post".
Threat Post
Messaging Apps Tapped as Platform for Cybercriminal Activity
Built-in Telegram and Discord services are fertile ground for storing stolen data, hosting malware and using bots for nefarious purposes.
π΄ Average Data Breach Costs Soar to $4.4M in 2022 π΄
π Read
via "Dark Reading".
Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services.π Read
via "Dark Reading".
Dark Reading
Average Data Breach Costs Soar to $4.4M in 2022
Call it a "cyber tax": Those costs are usually passed on to consumers, not investors, as compromised businesses raise prices for goods and services.
π΄ Is Your Home or Small Business Built on Secure Foundations? Think Againβ¦ π΄
π Read
via "Dark Reading".
Did you know that the standard router relied upon in homes and by thousands of small businesses is the most frequently attacked IoT device? James Willison, Project and Engagement Manager, IoT Security Foundation, explores the issue and reveals an ongoing initiative from the foundation that is designed to better secure the devices.π Read
via "Dark Reading".
Dark Reading
Is Your Home or Small Business Built on Secure Foundations? Think Againβ¦
Did you know that the standard router relied upon in homes and by thousands of small businesses is the most frequently attacked IoT device? James Willison, Project and Engagement Manager, IoT Security Foundation, explores the issue and reveals an ongoingβ¦
π΄ US Offers $10M Double-Reward for North Korea Cyberattacker Info π΄
π Read
via "Dark Reading".
North Korean state-sponsored actors, who help economically prop up Kim Jong Un's dictatorship, continue to pummel US infrastructure.π Read
via "Dark Reading".
Dark Reading
US Offers $10M Double-Reward for North Korea Cyberattacker Info
North Korean state-sponsored actors, who help economically prop up Kim Jong Un's dictatorship, continue to pummel US infrastructure.
π Clam AntiVirus Toolkit 0.105.1 π
π Read
via "Packet Storm Security".
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.π Read
via "Packet Storm Security".
Packetstormsecurity
Clam AntiVirus Toolkit 0.105.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-33943 βΌ
π Read
via "National Vulnerability Database".
Authenticated (contributor or higher user role) Cross-Site Scripting (XSS) vulnerability in Nico Amarilla's BxSlider WP plugin <= 2.0.0 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35672 βΌ
π Read
via "National Vulnerability Database".
Adobe Acrobat Reader version 22.001.20085 (and earlier), 20.005.30314 (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35669 βΌ
π Read
via "National Vulnerability Database".
Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π Read
via "National Vulnerability Database".
π΄ Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware π΄
π Read
via "Dark Reading".
Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.π Read
via "Dark Reading".
Dark Reading
Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware
Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.
βΌ CVE-2022-34120 βΌ
π Read
via "National Vulnerability Database".
Barangay Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the module editing function at /pages/activity/activity.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34121 βΌ
π Read
via "National Vulnerability Database".
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.π Read
via "National Vulnerability Database".
β Critical Samba bug could let anyone become Domain Admin β patch now! β
π Read
via "Naked Security".
It's a serious bug... but there's a fix for it, so you know exactly what to do!π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
βΌ CVE-2020-6998 βΌ
π Read
via "National Vulnerability Database".
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36949 βΌ
π Read
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38410 βΌ
π Read
via "National Vulnerability Database".
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker control to one or more locations in the search path.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36946 βΌ
π Read
via "National Vulnerability Database".
nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36951 βΌ
π Read
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35911 βΌ
π Read
via "National Vulnerability Database".
On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36952 βΌ
π Read
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.π Read
via "National Vulnerability Database".
βΌ CVE-2021-38417 βΌ
π Read
via "National Vulnerability Database".
VISAM VBASE version 11.6.0.6 is vulnerable to improper access control via the web-remote endpoint, which may allow an unauthenticated user viewing access to folders and files in the directory listing.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36953 βΌ
π Read
via "National Vulnerability Database".
In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10.π Read
via "National Vulnerability Database".